Back to directory
WRITEUP #2186

AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes

CloudCross-tenant vulnerabilityBroken authorization
by@eladgabay_(Elad Gabay)
Program
Oracle
Published
Sep 20, 2022
Added to HackDex
Sep 22, 2022
Read Full Writeuphttps://www.wiz.io/blog/attachme-oracle-cloud-vulnerability-allows-unauthorized-cross-tenant-volume-access
RELATED WRITEUPS
Capturing Exposed AWS Keys During Dynamic Web Application Tests
CloudBroken authorization
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
RCEForced browsing
The Hunt for ALBeast: A Technical Walkthrough
CloudAWS ALB
How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System
ReconMissing authentication
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
CloudOIDC

Built with ❤️ by Shubham Rawat