The AWS Amplify service was found to be misconfiguring IAM roles associated with Amplify projects. This misconfiguration caused these roles to be assumable by any other AWS account. Both the Ampl...
Mon, Apr 15th, 2024
When the ASR service is enabled, it uses an Automation Account with a System-Assigned Managed Identity to manage Site Recovery extensions on VMs. However, the Runbook (a set of scripts for managing...
Tue, Feb 13th, 2024
Three privilege escalation and denial-of-service vulnerabilities were discovered in Azure HDinsight, related to their usage of Apache Oozie and Ambari. The root cause of at least one of these vulne...
Tue, Feb 6th, 2024
Azure Pipelines and GitHub Actions allow deployment of runners and agents using VM images sourced from a GitHub-managed repository (github.com/actions/runner-images). This repo was misconfigured to...
Wed, Dec 20th, 2023
AWS identified an issue in the Amazon WorkSpaces Windows client which resulted in unintentionally logging connection debugging information to a user's local system. This data could include username...
Fri, Oct 6th, 2023
A vulnerability in Power Platform could lead to unauthorized access to Custom Code functions used for custom connectors, thereby allowing cross-tenant information disclosure of secrets or other sen...
Fri, Aug 4th, 2023