Rami McCarthy
## Summary (give a brief description of the issue) AWS and Google Composer managed Apache Airflow services were vulnerable to CVE-2023-29247 ([Stored XSS](https://portswigger.net/web-security/cross-site-scripting/stored)) ## References (provide links to blogposts, etc.)...
## Summary (give a brief description of the issue) Image Markdown Injection in Google Cloud Vertex AI. An attacker can exfiltrate the current chat conversation by appending it to the...
## Summary (give a brief description of the issue) Image Markdown Injection in Azure AI Playground. An attacker can exfiltrate the current chat conversation by appending it to the src...
## Summary (give a brief description of the issue) > Specifically, we also find that the Google Cloud Shell can be exploited as it exposes the docker.sock to containers, allowing...
shard reads the presentation of a captcha for LinkedIn as a false positive
## Summary (give a brief description of the issue) > When a user supplied create-launch-configuration command, no check was performed to see if the role was authorized to assign a...
## Summary (give a brief description of the issue) ### Undocumented API allowed reading partial secrets > When looking at the API console for the AppFlow API model, we stumbled...
## Summary (give a brief description of the issue) > These issues include fixing the information disclosure of the index names for private AWS-managed ElasticSearch clusters, enforcing host header authentication...
## Summary (give a brief description of the issue) > The vulnerability was a post-exploitation attack on AWS's CodeBuild service. It required high privileges to exploit, but with these privileges,...