bitcoin
bitcoin

$98637.380195 USD

-0.55%

ethereum
ethereum

$3467.483802 USD

-1.56%

tether
tether

$0.998944 USD

-0.06%

xrp
xrp

$2.285092 USD

-2.31%

bnb
bnb

$699.341946 USD

0.31%

solana
solana

$198.430358 USD

0.58%

dogecoin
dogecoin

$0.331028 USD

-1.55%

usd-coin
usd-coin

$0.999926 USD

-0.01%

cardano
cardano

$0.911982 USD

-3.09%

tron
tron

$0.256922 USD

-0.34%

avalanche
avalanche

$40.397783 USD

-2.32%

chainlink
chainlink

$24.537460 USD

-1.24%

toncoin
toncoin

$5.955405 USD

2.52%

shiba-inu
shiba-inu

$0.000023 USD

-1.43%

sui
sui

$4.525796 USD

-2.72%

Cryptocurrency News Articles

Critical LeakyCLI Flaw Leaks Sensitive Data in Google Cloud, Azure, and AWS

Apr 17, 2024 at 09:12 pm

A high-severity vulnerability, dubbed "LeakyCLI" (CVE-2023-36052), has been discovered in Google Cloud, Azure, and AWS command line interface tools. This flaw allows unintended leakage of access tokens and sensitive information from GitHub Actions, TravisCI, CircleCI, and Cloud Build logs. Threat actors could exploit this to access credentials and sensitive resources of repository owners.

Critical LeakyCLI Flaw Leaks Sensitive Data in Google Cloud, Azure, and AWS

High-Severity Vulnerability in LeakyCLI Tools Exposes Sensitive Information in Google Cloud, Azure, and AWS

A critical vulnerability has been discovered in the command line interface (CLI) tools of Google Cloud, Azure, and Amazon Web Services (AWS), exposing sensitive information to unauthorized access. Dubbed "LeakyCLI," the flaw threatens organizations' security by potentially compromising confidential data.

Tracked as CVE-2023-36052, the vulnerability allows adversaries to access unintended access tokens and sensitive information, including credentials, usernames, and keys. This information could grant attackers the ability to access any resources available to the repository owners, leading to further malicious activity.

A report from cybersecurity firm Orca Security highlights the exploitation of the vulnerability in GitHub projects on GitHub Actions, TravisCI, CircleCI, and Cloud Build logs. Researchers emphasize that the compromised environment variables can be used to view confidential information, including passwords.

"If malicious actors gain access to these environment variables, they could potentially view sensitive information, including credentials such as passwords, usernames, and keys," said Roi Nisimi, a researcher at Orca Security.

Microsoft promptly addressed the bug in November. However, Amazon and Google consider the issue to be expected behavior, encouraging users to utilize dedicated secrets storage services.

Organizations are advised to take immediate action to mitigate this high-severity vulnerability. Regular software updates and the diligent use of secrets storage services are essential to protect sensitive data and prevent unauthorized access.

Experts recommend the following best practices to minimize risk:

  • Keep software updated with the latest security patches.
  • Utilize secrets management services to securely store and access sensitive credentials.
  • Regularly review and audit system logs to detect any suspicious activity.
  • Enforce strong password policies and enable multi-factor authentication.

By adhering to these guidelines, organizations can significantly reduce the likelihood of exploitation through the LeakyCLI vulnerability and safeguard their sensitive information from unauthorized access.

Disclaimer:info@kdj.com

The information provided is not trading advice. kdj.com does not assume any responsibility for any investments made based on the information provided in this article. Cryptocurrencies are highly volatile and it is highly recommended that you invest with caution after thorough research!

If you believe that the content used on this website infringes your copyright, please contact us immediately (info@kdj.com) and we will delete it promptly.

Other articles published on Dec 26, 2024