57 matches found
Stronger Cloud Security in Azure Functions Using Custom Cloud Container
In this entry, we discuss how developers can use custom cloud container image and the distroless approach to minimize security gaps in Azure Functions...
MAL-2022-1331 Malicious code in azure-function-core-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11ecdbb74c41602ea68433f7958e933687b012943bc3c9fdcf70f5161cf07443 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in azure-functions-ux-build (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c5287c7ea0d869d1e5f712945de550f0fe6f516ac825227f90c65c65f9a7f11 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1333 Malicious code in azure-functions-ux-build (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c5287c7ea0d869d1e5f712945de550f0fe6f516ac825227f90c65c65f9a7f11 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Azure Functions Local Settings Detected
Azure Functions is a public cloud service from Microsoft providing a serverless computing platform which supports various programming languages C, Python, JavaScript.... Before deploying their functions to the cloud, developers often write and test their code in their local development environmen...
Automating security assessments using Cloud Katana
Today, we are open sourcing Cloud Katana, a cloud-native serverless application built on the top of Azure Functions to assess security controls in the cloud and hybrid cloud environments. We are currently covering only use cases in Azure, but we are working on extending it to other cloud provider...
Automating security assessments using Cloud Katana
Today, we are open sourcing Cloud Katana, a cloud-native serverless application built on the top of Azure Functions to assess security controls in the cloud and hybrid cloud environments. We are currently covering only use cases in Azure, but we are working on extending it to other cloud provider...
Azure Functions Weakness Allows Privilege Escalation
A privilege-escalation vulnerability Microsoft’s Azure Functions cloud container feature could ultimately allow a user to escape the container, according to researchers. Intezer researchers dubbed the bug “Royal Flush” after a flush-to-disk limitation that an exploit would need to evade. Flushing...
New Docker Container Escape Bug Affects Microsoft Azure Functions
Cybersecurity researcher Paul Litvak today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab's investigations into the Azure...
New Docker Container Escape Bug Affects Microsoft Azure Functions
Cybersecurity researcher Paul Litvak today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab's investigations into the Azure...
@medley/medley (>=0.11.0 <=0.12.1), @nova/azure-functions (>=0.3.0 <=0.3.3) +1 more potentially affected by CVE-2020-7764 via find-my-way (>=2.0.1 <=2.1.0)
find-my-way NPM version =2.0.1, =0.11.0, =0.3.0, =1.0.0, =1.1.0 Source cves: CVE-2020-7764 Source advisory: SNYK:JS-FINDMYWAY-1038269...
CVE-2020-16904
An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses the vulnerability by correctly...
CVE-2020-16904 Azure Functions Elevation of Privilege Vulnerability
...
Azure Functions Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses the vulnerability by correctly...
KLA11973 Multiple vulnerabilites in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Network Watcher Agent Virtual Machine Extension for Linux can be exploited...
PT-2020-4387 · Microsoft · Azure Functions
Name of the Vulnerable Software and Affected Versions: Azure Functions affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this...
Information Exposure
Overview Versions of apollo-server-azure-functions prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, thei...