HackerTrans
トップ新着トレンドコメント過去質問紹介求人

olearysec

no profile record

投稿

Google Said 'Nice Catch' Then Denied Bounty

theregister.com
6 ポイント·投稿者 olearysec·25 日前·0 コメント

Microsoft rejects critical Azure vulnerability report, no CVE issued

bleepingcomputer.com
5 ポイント·投稿者 olearysec·2 か月前·1 コメント

コメント

olearysec
·2 か月前·議論
[flagged]
olearysec
·2 か月前·議論
I'm the researcher. You've nailed it — Backup Contributor automatically granted cluster-admin via Trusted Access, no K8s permissions required. Microsoft called it "expected behavior," then silently patched it.

Full writeup with CERT/CC timeline and evidence: https://olearysec.com/research/azure-backup-aks-silent-patch...