Via authorized API calls, this also enables tampering with existing data and unauthorized code execution on Azure compute resources. This can result in read/write access to private data such as software vulnerability and crash information, security testing tools and proprietary code and symbols. To be vulnerable, a OneFuzz deployment must be both version 2.12.0 or greater and deployed with the non-default -multi_tenant_domain option. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |