Jay Taylor's notes
AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes | Wiz Blog
Original source (www.wiz.io)
Tags: cloud, cloud-computing, storage, vulnerabilities, oracle, bola, broken-object-level-authorization, oracle-cloud-infrastructure, wiz, www.wiz.io
Clipped on: 2022-09-21
Before it was patched, #AttachMe could have allowed attackers to access and modify any other users' OCI storage volumes without authorization, thereby violating cloud isolation. Upon disclosure, the vulnerability was fixed within hours by Oracle. No customer action was required.
Today, there is no clear process around cloud vulnerabilities enforced by the security community. Cloud vulnerabilities are not issued CVEs, so they are very hard for customers to track. Recently, researchers from Wiz along with other cloud security community members initiated the Open Cloud Vulnerability & Security Issue Database to help cloud users and defenders monitor and track cloud vulnerabilities. If you are interested in contributing, you can check out the OpenCVDB GitHub.