Philip Voß

icon indicating a website link https://domaindetect.io

icon location Münster icon location </h6><script>alert('hello world')</script>

Results 6 issues of Philip Voß

Is GetJobDetails considered a possible privelege escalation as well?

1 comment

Hey there, the codepipeline action "GetJobDetails" may return temporary s3 credentials which allow access to artifacts. Therefore, with the GetJobDetails action permission you can grab temporary credentials and access artifacts....

Add onSettled

I have added an onItemSettled Listener. It is not possible to do it with the suggested velocity == 0 condition. That is why i did with a handler. Furthermore i...

Is there a "isRotating" option?

1 comment

Hey, is there an option to retrieve information about the wheel's rotating status? It would be really helpful! Edit: Just saw your "//TODO onWheelItemSettled? "

Add information on IMDSv2

Using the metadata proxy does not - depending on the threat model and the used imds version - necessarily make sense. Therefore i added information on imdsv2 in the preface.

Typo3Scan is in public archive and no longer maintained

1 comment

It's rather an FYI - the implemented typo3scan is no longer maintained by the developer and should be considered to deprecate it in SCB as well? https://github.com/whoot/Typo3Scan

question

Add hint on security groups being stateful

Other than NACLs, Security Groups are stateful meaning that a response to a request is allowed to the instance regardless of the defined rules.