One Article Review
| Source |  GoogleSec |
|---|---|
| Identifiant | 8348159 |
| Date de publication | 2023-06-22 12:05:42 (vue: 2023-06-22 17:06:57) |
| Titre | Google Cloud attribue 313 337 $ en 2022 Prix VRP Google Cloud Awards $313,337 in 2022 VRP Prizes |
| Texte | Anthony Weems, Information Security Engineer2022 was a successful year for Google\'s Vulnerability Reward Programs (VRPs), with over 2,900 security issues identified and fixed, and over $12 million in bounty rewards awarded to researchers. A significant amount of these vulnerability reports helped improve the security of Google Cloud products, which in turn helps improve security for our users, customers, and the Internet at large.We first announced the Google Cloud VRP Prize in 2019 to encourage security researchers to focus on the security of Google Cloud and to incentivize sharing knowledge on Cloud vulnerability research with the world. This year, we were excited to see an increase in collaboration between researchers, which often led to more detailed and complex vulnerability reports. After careful evaluation of the submissions, today we are excited to announce the winners of the 2022 Google Cloud VRP Prize.2022 Google Cloud VRP Prize Winners1st Prize - $133,337: Yuval Avrahami for the report and write-up Privilege escalations in GKE Autopilot. Yuval\'s excellent write-up describes several attack paths that would allow an attacker with permission to create pods in an Autopilot cluster to escalate privileges and compromise the underlying node VMs. While thes |
| Envoyé | Oui |
| Condensat | $12 $13 $133 $17 $31 $313 $73 $31 2019 2022 2nd 311: 331: 337 337: 373: 3rd 3xx 4th 5th 6th 7th 900 @googlevrp abusing access accessible after aks all allow allowed amazon amount analyzing announce announced anthony arbitrary are ashok attack attacker authorization autopilot avrahami awarded awards azure behavior being ben better between bounty bugra bugs bypass bypassing careful chain clever clicked clicking client cloud cluster code collaboration combines command complex compromise congratulations controlled could covers create creation cross csrf curious customers deactivating default demonstrate describes detailed directly discovered discovering eks encourage engineer2022 escalate escalation escalation: escalations eskici evaluation excellent excessive excited execution exploit feedburner file files first fixed focus follow forgery format found full functionality future gain gce given gke google hacking hai happy hardening have helped helps hosting identified importance improve improvements incentivize including increase information injected injection internet issues journey key keys knowledge kubernetes large led link make many million more news node oauth obmi offering often over parameter paths permission permissions persistence platforms pods point popular privilege privileges prize prizes process products programs project providers proxy public python query redirect report reports request research researchers reward rewards script secure security see several sharing shaul shell side significant site sivanesh sreeram ssh ssrf standard state steal strange submissions successful takeover them then these today token tricking turn turned underlying updates upload url use user users vectors vertex very vms vrp vrps vulnerabilities vulnerability weems which whitepaper winners winners1st workstations world would write year yuval |
| Tags | Vulnerability Cloud |
| Stories | Uber |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.