Two Critical Flaws Found in Alibaba Cloud’s PostgreSQL Databases
Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL has been found to contain a pair of serious weaknesses that together might allow unauthorized access to other users' sensitive data by bypassing tenant isolation safeguards.
Cloud security company Wiz recently released a report that was shared with The Hacker News. "The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers' PostgreSQL databases and the ability to perform a supply chain attack on both Alibaba database services, leading to an RCE on Alibaba database services," the report read.
BrokenSesame concerns were reported to Alibaba Cloud in December 2022 after the firm deployed mitigations read more Two Critical Flaws Found in Alibaba Cloud's PostgreSQL Databases.
With Rec...