新型態漏洞LeakyCLI恐曝露AWS及Google Cloud帳密
· 2024-04-17

研究人員發現名為LeakyCLI的漏洞,並指出影響兩大雲端服務系統AWS、Google Cloud Platform(GCP)的命令列介面(CLI)

去年11月,微軟對Azure的命令列介面(CLI)修補高風險漏洞CVE-2023-36052,一旦該漏洞遭到利用,攻擊者就有機會從事件記錄檔案挖掘明文使用者名稱及密碼,CVSS風險評為8.6分。但如今有研究人員發現,這樣弱點並非Azure獨有,其他雲端服務也存在類似缺陷。

資安業者Orca揭露名為LeakyCLI的漏洞,並指出該漏洞也出現在AWS及Google Cloud Platform(GCP)的CLI,涉及這些雲端平臺的自動化開發流程,一旦使用者將此種命令列介面搭配CI/CD管線流程使用,攻擊者就有機會繞過雲端服務業者設下封鎖機密資訊曝露的標籤,而有機會從事件記錄曝露帳密資料等環境變數。

對此,研究人員通報AWS及Google,但兩家公司皆認為,研究人員的發現符合自家系統的設計規畫,並未打算著手處理。研究人員表示,企業組織應避免將帳密等機密資訊存放於環境變數,而應該將由AWS Secrets Manager這類專屬服務保管,防止曝險。

热门文章
Brazil Proposes Raising Gambling Tax Rate to 24%, With Revenue Allocated to Social Security and Healthcare
Regulation
1spin4win releases unique slot Don Catleone Hold and Win featuring gangster cats
Online Game
Full House at GAT Expo Cartagena 2026 Academic Agenda
Online Game
That’s a Wrap: AffPapa Conference Madrid 2026 Highlights
Online Game
PropellerAds Positions Itself as a Go-To Traffic Source for iGaming Advertisers Ahead of a High-Demand Season
Marketing
Online gambling, crypto pose ongoing money laundering risks in Philippines, analyst says
Southeast Asia
GAT CDMX 2025 Institutional Academy: Leaders and Experts Analyze the Present and Future of the Gaming Industry in Mexico and Lat
Sports Game
What’s on the SBC Summit Conference Agenda in 2026?
Marketing
PropellerAds Shared a New iGaming Case Study: 97,674 Installs and 12,701 Deposits in 3 Months
Marketing
Super PAC Raises $48 Million: Sports Betting Forces Ramp Up Political Push
Regulation
Zenith partners with HUIDU for 2026 World Cup Carnival Official Tour
Online Game
Indiana online casino bill stalls in House committee
Regulation
DB Gaming Is One of Asia’s Top-Tier Game Solution Providers, Recognized as a Pioneer in the Asian Gaming Industry.
Marketing
GAT Expo CDMX 2026 Kicks Off Today in Mexico with a Sold-Out Opening Reception at Big Bola Casino Santa Fe
Marketing
New Jersey July Gambling Revenue Hits $606M, Sweeps Casinos Banned
Regulation
首页
游戏
合作
发现
我的