Danielle Aminov
danielleaminov.bsky.social
Threat researcher @ Wiz ✨
What an honor to share our talk on “In-the-Wild Abuse of App Misconfigs” at @districtcon.bsky.social year 0! So much talent in one place, and massive kudos to the organizers for creating such an epic event and overcoming an entire-block power outage. Looking forward to next year! 🪩✨🌸
February 24, 2025 at 3:33 PM
Exposed env endpoint – the following example shows an exposed env endpoint leaking DB login credentials and endpoint information:
December 16, 2024 at 8:14 PM
Even without CVE-2022-22947, exposing the gateway endpoint leads to SSRF by design, as it allows creating new routes. This enables attackers to access, for example, cloud metadata services (IMDSv1) and other sensitive resources.
Here's an SSRF example with an IMDSv1-configured VM:
December 16, 2024 at 8:14 PM
Spring Cloud Gateway versions 3.1.0, 3.0.0–3.0.6, and older are vulnerable to RCE (CVE-2022-22947). According to Wiz data, 28% of cloud environments using Spring Cloud Gateway are at risk. Exploitation requires misconfiguration exposing the gateway endpoint.
December 16, 2024 at 8:14 PM
The heapdump endpoint is designed to capture the current state of the Java heap - if sensitive information is loaded into the memory of a Java application’s JVM during its runtime, it might be included in the heap dump. Here's an example of a heap dump showing a leaked JWT.
December 16, 2024 at 8:14 PM
I was looking into how organizations deploy Spring Boot Actuator in the cloud and found 1 in 4 exposed Actuators had security flaws leading to data leaks or RCE. These risks are more common than you'd think. ⚠️
December 16, 2024 at 8:14 PM
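As an added example (not from the posts above or from Wiz), this sketch audits a Spring Boot `application.properties` file for web exposure of the three endpoints the thread discusses: `env`, `heapdump` and `gateway`. It assumes a default web exposure of `health` only and conservatively treats an endpoint as enabled unless `management.endpoint.<id>.enabled=false` is set; the sample configurations are constructed.

```python
import re

SENSITIVE = ("env", "heapdump", "gateway")  # endpoints named in the thread
INCLUDE = "management.endpoints.web.exposure.include"
EXCLUDE = "management.endpoints.web.exposure.exclude"


def parse_properties(text):
    """Parse single-line key=value / key:value entries, skipping comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        if len(parts) == 2:
            props[parts[0]] = parts[1]
    return props


def _ids(value):
    return {v.strip().lower() for v in value.split(",") if v.strip()}


def exposed_sensitive(text):
    """Return the sensitive endpoint ids this config exposes over HTTP."""
    props = parse_properties(text)
    include = _ids(props.get(INCLUDE, "health"))  # assumed default exposure
    exclude = _ids(props.get(EXCLUDE, ""))
    findings = []
    for ep in SENSITIVE:
        included = "*" in include or ep in include
        excluded = "*" in exclude or ep in exclude  # exclude wins over include
        disabled = props.get(f"management.endpoint.{ep}.enabled", "").lower() == "false"
        if included and not excluded and not disabled:
            findings.append(ep)
    return sorted(findings)


# Constructed sample configs: wildcard exposure vs. an explicit allow-list.
WEAK = """\
# constructed sample
management.endpoints.web.exposure.include=*
"""
HARDENED = """\
management.endpoints.web.exposure.include=health,info
management.endpoint.heapdump.enabled=false
"""

if __name__ == "__main__":
    print("weak:", exposed_sensitive(WEAK))
    print("hardened:", exposed_sensitive(HARDENED))
```

The check covers configuration only; whether an exposed endpoint is reachable also depends on authentication and network placement, which it does not inspect.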