Aqua Blog

Gal Singer

GitHub Bug Allowed Third-Party Apps to Gain Elevated Permissions

GitHub Bug Allowed Third-Party Apps to Gain Elevated Permissions

We learned about a bug in GitHub that for about five days at the end of February allowed third-party applications connected to GitHub to generate new scoped installation tokens with elevated permissions. For example, if you connected the Codecov app to your GitHub account with read-only access to your repositories, …

Continue reading ›
Detecting and Analyzing an Apache Struts Exploit with Tracee

Detecting and Analyzing an Apache Struts Exploit with Tracee

When running third-party applications in your cloud environments, you inherently put your workloads at greater risk. This is especially the case when the third-party software exposes some API function to the public web. Apache Struts 2 is a popular open source cross-platform web application framework, used by many …

Continue reading ›
CVE-2020-15275: New Vulnerability Exploits containerd-shim API

CVE-2020-15275: New Vulnerability Exploits containerd-shim API

A year of challenges isn’t quite over yet, as a new vulnerability was found in containerd, CVE-2020-15257. When exploited, after providing a connection through the container to the host network, an attacker can gain root privileges on the host. This vulnerability was disclosed by Jeff Dileo of NCC Group, our …

Continue reading ›
CVE-2020-15157: Vulnerability in Containerd Can Leak Cloud Credentials

CVE-2020-15157: Vulnerability in Containerd Can Leak Cloud Credentials

A new vulnerability was found in containerd, located in the container image-pulling process. The new CVE includes manipulation of the image manifest, allowing attackers to craft an image that can leak the host’s registry or cloud credentials when pulled from a registry. This leak occurs even before the image is …

Continue reading ›
Threat Alert: Kinsing Malware Attacks Targeting Container Environments

Threat Alert: Kinsing Malware Attacks Targeting Container Environments

Lately we’ve been witnessing a rise in the number of attacks that target container environments. We’ve been tracking an organized attack campaign that targets misconfigured open Docker Daemon API ports. This persistent campaign has been going on for months, with thousands of attempts taking place nearly on a daily …

Continue reading ›