Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Create power-platform-info-leak.yaml
* Create badbuild.yaml
* Add files via upload
* Update badbuild.yaml
Showing 4 changed files with 73 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
title: Bad.Build | ||
slug: badbuild | ||
cves: null | ||
affectedPlatforms: | ||
- GCP | ||
affectedServices: | ||
- Cloud Build | ||
image: https://raw.githubusercontent.com/wiz-sec/open-cvdb/main/images/badbuild.jpg | ||
severity: Low | ||
discoveredBy: | ||
name: Roi Nisimi | ||
org: Orca Security | ||
domain: orca.security | ||
twitter: null | ||
publishedAt: 2023/07/18 | ||
disclosedAt: null | ||
exploitabilityPeriod: null | ||
knownITWExploitation: false | ||
summary: | | ||
An information disclosure vulnerability in the Google Cloud Build service could have | ||
allowed an attacker to view sensitive logs if they had gained prior access to a GCP | ||
environment and had permission to create a new Cloud Build instance (cloudbuild.builds.create) | ||
or permission to directly impersonate the Cloud Build default service account (which is highly | ||
privileged by design and therefore considered to be a known privilege escalation vector in GCP). | ||
An attacker could then potentially use this information in order to better facilitate lateral movement, | ||
privilege escalation or a supply chain attack by other means. This issue was due to excessive | ||
permissions granted to the default service account created by Cloud Build, particularly access to | ||
audit logs containing all project permissions (logging.privateLogEntries.list). | ||
manualRemediation: | | ||
None required | ||
detectionMethods: null | ||
contributor: https://github.com/korniko98 | ||
references: | ||
- https://cloud.google.com/build/docs/security-bulletins#GCP-2023-013 | ||
- https://orca.security/resources/blog/bad-build-google-cloud-build-potential-supply-chain-attack-vulnerability/ |
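Review bot: `manualRemediation: None required` and `detectionMethods: null` leave a reader with nothing to act on, even though the summary names the two permissions involved (cloudbuild.builds.create and logging.privateLogEntries.list) and attributes the issue to excessive permissions on the default Cloud Build service account. The summary also never says what was changed to resolve the issue, so "None required" is not backed by the entry's own text. Consider adding one sentence on the fix, and either a detection hint built on those two permission names or a short note that customers can review which principals hold them. `disclosedAt` is null as well; fill it in if either reference gives a date.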
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
title: Power Platform Custom Code information disclosure | ||
slug: power-platform-info-leak | ||
cves: null | ||
affectedPlatforms: | ||
- Azure | ||
affectedServices: | ||
- Power Platform | ||
image: https://raw.githubusercontent.com/wiz-sec/open-cvdb/main/images/power-platform-info-leak.jpg | ||
severity: High | ||
discoveredBy: | ||
name: Evan Grant | ||
org: Tenable | ||
domain: tenable.com | ||
twitter: null | ||
publishedAt: 2023/08/04 | ||
disclosedAt: 2023/03/30 | ||
exploitabilityPeriod: null | ||
knownITWExploitation: false | ||
summary: | | ||
A vulnerability in Power Platform could lead to unauthorized access to Custom | ||
Code functions used for custom connectors, thereby allowing cross-tenant information | ||
disclosure of secrets or other sensitive information if these were embedded in a | ||
Custom Code function. The issue occurred as a result of insufficient access control | ||
to Azure Function hosts, which are launched as part of the creation and operation of | ||
custom connectors in Microsoft’s Power Platform. An attacker who determined the | ||
hostname of the Azure Function associated with the custom connector could interact | ||
with the function without authentication. Microsoft fixed the issue by requiring Azure | ||
Function keys for accessing the Function hosts and their HTTP trigger. An initial fix | ||
was deployed (on June 7th, 2023), but customers using affected Custom Code in a "soft | ||
deleted state" (part of a data recovery mechanism) remained vulnerable until a later | ||
fix was applied (on August 2nd, 2023). | ||
manualRemediation: | | ||
None required | ||
detectionMethods: null | ||
contributor: https://github.com/korniko98 | ||
references: | ||
- https://msrc.microsoft.com/blog/2023/08/microsoft-mitigates-power-platform-custom-code-information-disclosure-vulnerability/ | ||
- https://www.tenable.com/security/research/tra-2023-25 |
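Review bot: `exploitabilityPeriod: null` drops information the summary already carries: it gives the initial fix (June 7th, 2023) and the later fix for Custom Code in a "soft deleted state" (August 2nd, 2023), so the window can at least be bounded by the later date if the schema allows it. `manualRemediation: None required` also deserves a second look, since the summary says secrets embedded in a Custom Code function could be disclosed across tenants; if the references advise affected customers to rotate such secrets, state that here rather than leaving the summary as the only guidance.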
8f885b7
@check-spelling-bot Report
🔴 Please review
See the 📜action log for details.
Unrecognized words (420)
To accept ✔️ these unrecognized words as correct and remove the previously acknowledged and now absent words, run the following commands
... in a clone of the git@github.com:wiz-sec/open-cvdb.git repository on the add-images-for-new-vulns branch (ℹ️ how do I use this?):
Available 📚 dictionaries could cover words not in the 📘 dictionary
Consider adding them using (in .github/workflows/spelling.yml):
To stop checking additional dictionaries, add:
Errors (1)
See the 📜action log for details.
See ❌ Event descriptions for more information.
If the flagged items are false positives
If items relate to a ...
- binary file (or some other file you wouldn't want to check at all).
  Please add a file path to the excludes.txt file matching the containing file.
  File paths are Perl 5 Regular Expressions - you can test yours before committing to verify it will match your files.
  ^ refers to the file's path from the root of the repository, so ^README\.md$ would exclude README.md (on whichever branch you're using).
- well-formed pattern.
  If you can write a pattern that would match it, try adding it to the patterns.txt file.
  Patterns are Perl 5 Regular Expressions - you can test yours before committing to verify it will match your lines.
  Note that patterns can't match multiline strings.