Cloud Security

Oracle Cloud Infrastructure Vulnerability Exposed Sensitive Data

Issued by: Security Week

Source
Advertisement


Referred to as #AttachMe and mentioned in Oracle’s July 2022 Critical Patch Update, the vulnerability could have exposed sensitive data to attackers knowing the victim’s Oracle Cloud Identifier (OCID).

“OCI customers could have been targeted by an attacker with knowledge of #AttachMe. Any unattached storage volume, or attached storage volumes allowing multi-attachment, could have been read from or written to as long as an attacker had its Oracle Cloud Identifier (OCID),” Wiz security researcher Elad Gabay explains.

Essentially, because of this vulnerability, cloud isolation in OCI no longer worked, allowing anyone to attach disks to virtual machines in other accounts, without requiring permissions.

Read more
You might also like
Cloud Security

The security challenges of managing complex cloud environments

Cloud Security

Arista partners with VMware and Zscaler for hybrid cloud security

Cloud Security

Organizations feel ready to put highly sensitive data in the cloud

Cloud Security

How data breaches forced Amazon to update S3 bucket security

Advertisement