WRITEUP #1275

#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services

Cloud, RCE, Container escape, Kubernetes, Privilege escalation, Lateral movement, Supply chain attack, Cross-tenant vulnerability
by @ronenshh (Ronen Shustin)
Program: Alibaba
Published: Apr 19, 2023
Added to HackDex: Apr 24, 2023
Read Full Writeup: https://www.wiz.io/blog/brokensesame-accidental-write-permissions-to-private-registry-allowed-potential-r
RELATED WRITEUPS
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD
Cloud, Privilege escalation
SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts
AI / LLM, AI
Vulnerabilities in Open Source C2 Frameworks
RCE, OS command injection
From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms
AI / LLM, AI
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
Cloud, OIDC

Built with ❤️ by Shubham Rawat