search

wiz-sec / open-cvdb

An open project to list all publicly known cloud vulnerabilities and CSP security issues
https://cloudvulndb.org
Creative Commons Attribution 4.0 International
297 stars 59 forks source link

[Contribution] Add Nitesh Surana Azure ZDI findings #283

Open ramimac opened 4 months ago

ramimac commented 4 months ago

Summary (give a brief description of the issue)

ZDI-24-208 (9.8) Microsoft Azure MCR VSTS CLI vstscli Uncontrolled Search Path Element Remote Code Execution Vulnerability ZDI-23-1588 (8.8) Microsoft Azure US Accelarators Synapse SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability ZDI-23-1056 (4.4) (0Day) Microsoft Azure Machine Learning Compute Instance certificate Exposure of Resource to Wrong Sphere Information Disclosure Vulnerability ZDI-23-880 (5.5) Microsoft Azure Machine Learning Service DSIMountAgent Missing Authentication Information Disclosure Vulnerability ZDI-23-380 (6.5) Microsoft Azure Machine Learning Service DSIMountAgent Missing Authentication Information Disclosure Vulnerability ZDI-23-161 (6.5) Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability ZDI-23-097 (6.8) Microsoft Azure Machine Learning Service JWT Cleartext Storage of Credentials Information Disclosure Vulnerability ZDI-23-096 (6.5) Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability ZDI-23-095 (6.5) Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability