Comments (2)
CVEs are assigned roughly by order of when requests for them are submitted. Because this data set includes issues identified before the creation of this repo, we're going to have to assign these historically, with something like CSPI-2019-01, CSPI-2019-02, etc. where CSPI would mean "Cloud Service Provider Issue". This won't be entirely chronological because in the future people will point out past issues I missed, and also right now the "first" issue is https://github.com/SummitRoute/csp_security_mistakes#gcp-default-compute-account-is-project-editor but I don't know when that issue was first identified (and I've been hesitant to even include that specific issue as it seems more of a technical decision).
I need a better acronym. Maybe make some backronym out of "CRISPI" as that would be more memorable?
from csp_security_mistakes.
Does it make sense to include the CSP in the identifier as well?
Related Issues (20)
- Add old subdomain take-over issue
- (Orca) OCI: Service internally using legacy metadata endpoint, enabling SSRF
- Reference other cloud CVE projects
- AWS WAF Bypass
- Add cognito issue
- Add Autowarp
- Add GKE Autopilot issue
- Add 2016 Azure issue
- Add Codebuild data exfil
- Wrong reference for Azure NotLegit
- Add Azure AD Information Disclosure (Secureworks 2021)
- Add RDS issue from Lightspin
- Add AWS package backfill attack
- Add AWS ELB Cache headers issue
- Add Ben Reser's MWAA vuln
- Add GCP Dataflow RCE
- Add GCP bypass Google Kubernetes Engine (GKE) Authorized Networks
- Add GCP VRP prize winners
- Azure SynLapse
- AWS Redshift CVE-2022-29972