Writeups List | WriteupDB

Write-ups

Check The Published Writeups

WDB	Title	Tags	Programs	Authors	Type	Publication	Added
3147	Cross-tenant Cloud Function compromise via storage bucket squatting	Cross-tenant vulnerability	Google	Anthony Weems	Bug Bounty	2020-09-20	2023-06-13
2091	ChaosDB Explained: Azure%27s Cosmos DB Vulnerability Walkthrough	Cross-tenant vulnerability Account takeover Privilege escalation	Microsoft	Nir Ohfeld (@nirohfeld)	Bug Bounty	2021-11-10	2023-06-13
1760	AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service	Cross-tenant vulnerability Account takeover	Microsoft	Yanir Tsarimi (@Yanir_)	Bug Bounty	2022-03-07	2023-06-13
1591	Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL	Cross-tenant vulnerability Privilege escalation Authentication bypass Cloud	Microsoft	Shir Tamari (@shirtamari)	Bug Bounty	2022-04-28	2023-06-13
1470	SynLapse – Technical Details for Critical Azure Synapse Vulnerability	Cross-tenant vulnerability RCE Cloud	Microsoft	Tzah Pahima (@TzahPahima)	Bug Bounty	2022-06-14	2023-06-13
1419	FabricScape: Escaping Service Fabric and Taking Over the Cluster	Container escape Local Privilege Escalation Cross-tenant vulnerability	Microsoft	Unit 42 (@Unit42_Intel)	Bug Bounty	2022-06-28	2023-06-13
1246	The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors	Privilege escalation Cross-tenant vulnerability OS command injection Local Privilege Escalation Cloud	Google Microsoft Aiven	Shir Tamari (@shirtamari)	Bug Bounty	2022-08-11	2023-06-13
1060	AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes	Cloud Cross-tenant vulnerability Authorization flaw	Oracle	Elad Gabay (@eladgabay_)	Bug Bounty	2022-09-20	2023-06-13
659	ACSESSED: Cross-tenant network bypass in Azure Cognitive Search	Cloud Cross-tenant vulnerability Privilege escalation	Microsoft (Azure)	Emilien Socchi (@emiliensocchi)	Bug Bounty	2022-12-22	2023-06-13
251	Riding the Azure Service Bus (Relay) into Power Platform	RCE Cross-tenant vulnerability Cloud Insecure deserialization	Microsoft (Azure)	Nick Landers (@monoxgas)	Bug Bounty	2023-03-30	2023-06-13
236	Two Minor Cross-Tenant Vulnerabilities in AWS App Runner	Cross-tenant vulnerability Cloud	AWS	Nick Frichette (@frichette_n)	Bug Bounty	2023-04-03	2023-06-13
182	#BrokenSesame: Accidental write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services	Cloud RCE Container escape Kubernetes Privilege escalation Lateral movement Supply chain attack Cross-tenant vulnerability	Alibaba	Ronen Shustin (@ronenshh)	Bug Bounty	2023-04-19	2023-06-13