#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services | Wiz Blog
Tags
attack-pattern: Data Direct Model Cloud Services - T1021.007 Credentials - T1589.001 Keychain - T1634.001 Keychain - T1555.001 Keychain - T1579 Private Keys - T1552.004 Python - T1059.006 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Vulnerabilities - T1588.006 Keychain - T1142 Private Keys - T1145
Show in Graph
Common Information
Type Value
UUID fa38fe07-2538-4c69-951e-de7eb9f6bee4
Fingerprint 2d28dbd08d3567ad
Analysis status DONE
Considered CTI value 0
Text language
Published April 19, 2023, 9 a.m.
Added to db Nov. 20, 2023, 12:26 a.m.
Last updated Nov. 17, 2024, 10:43 p.m.
Headline #BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services
Title #BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services | Wiz Blog
Detected Hints/Tags/Attributes 79/1/10
Source URLs
Redirection Url
Details Source https://www.wiz.io/blog/brokensesame-accidental-write-permissions-to-private-registry-allowed-potential-r
URL Provider
Details Provider Source level domain
Details wiz.io www.wiz.io
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 398 Wiz Blog | RSS feed https://www.wiz.io/blog/rss 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 73 
cve-2023-28252
Details CVE 46 
cve-2023-21554
Details Domain 41 
wiz.io
Details Domain 37 
proc.name
Details Domain 15 
proc.pid
Details Domain 2 
eu-central-1.aliyuncs.com
Details Email 24 
research@wiz.io
Details File 124 
os.sys
Details File 2 
docker_tools.log
Details File 2 
k8s_ctx.py