Cloud Security Atlas
Datadog Cloud Security Atlas is a risk register for Threats and Vulnerabilities. This database gives you the ability to search and filter on your cloud provider platform, risk type, and sort by impact, exploitability, and recency.
Test out the search below by searching for specific cloud services like EBS or S3. From there you can chart your own course to understanding risk that relates to your environment.
Spotlight
-
TITLE
PLATFORM
SERVICE
RISK TYPE
EXPLOITABILITY
IMPACT
DATE
-
EC2 instance without IMDSv2 enforced
PLATFORM
SERVICE
ec2
RISK TYPE
Vuln.
EXPLOITABILITY
low
IMPACT
high
DATE
Nov'24 -
EKS cluster allows pods to steal worker nodes' AWS credentials
PLATFORM
SERVICE
eks
RISK TYPE
Vuln.
EXPLOITABILITY
high
IMPACT
medium
DATE
Nov'24 -
Publicly shared EBS snapshot
PLATFORM
SERVICE
ec2
RISK TYPE
Vuln.
EXPLOITABILITY
high
IMPACT
high
DATE
Nov'24 -
Lambda function is publicly accessible through function URL
PLATFORM
SERVICE
lambda
RISK TYPE
Vuln.
EXPLOITABILITY
medium
IMPACT
medium
DATE
Nov'24 -
Stopping a CloudTrail trail
PLATFORM
SERVICE
cloudtrail
RISK TYPE
Attack
EXPLOITABILITY
low
IMPACT
medium
DATE
Nov'24 -
Executing commands through EC2 user data
PLATFORM
SERVICE
ec2
RISK TYPE
Attack
EXPLOITABILITY
low
IMPACT
medium
DATE
Nov'24 -
Launching EC2 instances
PLATFORM
SERVICE
ec2
RISK TYPE
Attack
EXPLOITABILITY
high
IMPACT
medium
DATE
Nov'24 -
Opening a security group to the Internet
PLATFORM
SERVICE
ec2
RISK TYPE
Attack
EXPLOITABILITY
medium
IMPACT
medium
DATE
Nov'24 -
Removing VPC flow logs
PLATFORM
SERVICE
ec2
RISK TYPE
Attack
EXPLOITABILITY
low
IMPACT
medium
DATE
Nov'24 -
Stealing an EBS snapshot by creating a snapshot and sharing it
PLATFORM
SERVICE
ec2
RISK TYPE
Attack
EXPLOITABILITY
low
IMPACT
high
DATE
Nov'24 -
Stealing EC2 instance credentials through the Instance Metadata Service
PLATFORM
SERVICE
ec2
RISK TYPE
Attack
EXPLOITABILITY
high
IMPACT
medium
DATE
Nov'24 -
Accessing the AWS Console using programmatic credentials
PLATFORM
SERVICE
iam
RISK TYPE
Attack
EXPLOITABILITY
high
IMPACT
low
DATE
Nov'24 -
Compromising AWS Console credentials
PLATFORM
SERVICE
iam
RISK TYPE
Attack
EXPLOITABILITY
medium
IMPACT
high
DATE
Nov'24 -
Creating a new backdoor IAM role
PLATFORM
SERVICE
iam
RISK TYPE
Attack
EXPLOITABILITY
low
IMPACT
high
DATE
Nov'24 -
Stealing an RDS database by creating a snapshot and sharing it
PLATFORM
SERVICE
rds
RISK TYPE
Attack
EXPLOITABILITY
medium
IMPACT
high
DATE
Nov'24 -
Using Amazon SES to send spam
PLATFORM
SERVICE
ses
RISK TYPE
Attack
EXPLOITABILITY
low
IMPACT
medium
DATE
Nov'24 -
Adversary-in-the-middle phishing
PLATFORM
SERVICE
azure-ad
RISK TYPE
Attack
EXPLOITABILITY
low
IMPACT
high
DATE
Nov'24 -
Inviting external users
PLATFORM
SERVICE
azure-ad
RISK TYPE
Attack
EXPLOITABILITY
low
IMPACT
medium
DATE
Nov'24 -
Malicious OAuth application consent
PLATFORM
SERVICE
azure-ad
RISK TYPE
Attack
EXPLOITABILITY
low
IMPACT
high
DATE
Nov'24 -
MFA fatigue attack
PLATFORM
SERVICE
azure-ad
RISK TYPE
Attack
EXPLOITABILITY
medium
IMPACT
medium
DATE
Nov'24 -
Executing commands on a virtual machine through Run Command
PLATFORM
SERVICE
virtual-machines
RISK TYPE
Attack
EXPLOITABILITY
medium
IMPACT
high
DATE
Nov'24 -
Opening a Network Security Group to the Internet
PLATFORM
SERVICE
virtual-machines
RISK TYPE
Attack
EXPLOITABILITY
medium
IMPACT
medium
DATE
Nov'24 -
Stealing a virtual machine disk through URL sharing
PLATFORM
SERVICE
virtual-machines
RISK TYPE
Attack
EXPLOITABILITY
high
IMPACT
high
DATE
Nov'24 -
Creating a new Google Cloud service account
PLATFORM
SERVICE
iam
RISK TYPE
Attack
EXPLOITABILITY
high
IMPACT
high
DATE
Nov'24 -
Inviting an external user to a Google Cloud project
PLATFORM
SERVICE
iam
RISK TYPE
Attack
EXPLOITABILITY
high
IMPACT
high
DATE
Nov'24 -
Publicly shared AMI
PLATFORM
SERVICE
ec2
RISK TYPE
Vuln.
EXPLOITABILITY
high
IMPACT
medium
DATE
Nov'24 -
Security group exposes risky ports to the internet
PLATFORM
SERVICE
ec2
RISK TYPE
Vuln.
EXPLOITABILITY
high
IMPACT
medium
DATE
Nov'24 -
IAM role can be assumed by any GitHub Action
PLATFORM
SERVICE
iam
RISK TYPE
Vuln.
EXPLOITABILITY
high
IMPACT
high
DATE
Nov'24 -
IAM role can be assumed by anyone
PLATFORM
SERVICE
iam
RISK TYPE
Vuln.
EXPLOITABILITY
medium
IMPACT
high
DATE
Nov'24 -
Known compromised IAM user access key
PLATFORM
SERVICE
iam
RISK TYPE
Vuln.
EXPLOITABILITY
high
IMPACT
high
DATE
Nov'24 -
IAM user with old access keys
PLATFORM
SERVICE
iam
RISK TYPE
Vuln.
EXPLOITABILITY
medium
IMPACT
high
DATE
Nov'24 -
IAM user with Console access does not have MFA
PLATFORM
SERVICE
iam
RISK TYPE
Vuln.
EXPLOITABILITY
medium
IMPACT
high
DATE
Nov'24 -
Active root user access keys
PLATFORM
SERVICE
iam
RISK TYPE
Vuln.
EXPLOITABILITY
medium
IMPACT
high
DATE
Nov'24 -
Usage of the root user
PLATFORM
SERVICE
iam
RISK TYPE
Vuln.
EXPLOITABILITY
medium
IMPACT
high
DATE
Nov'24 -
Publicly accessible RDS instance
PLATFORM
SERVICE
rds
RISK TYPE
Vuln.
EXPLOITABILITY
medium
IMPACT
high
DATE
Nov'24 -
Publicly shared RDS snapshot
PLATFORM
SERVICE
rds
RISK TYPE
Vuln.
EXPLOITABILITY
high
IMPACT
high
DATE
Nov'24 -
Public S3 bucket through bucket ACL
PLATFORM
SERVICE
s3
RISK TYPE
Vuln.
EXPLOITABILITY
high
IMPACT
medium
DATE
Nov'24 -
Public S3 bucket through bucket policy
PLATFORM
SERVICE
s3
RISK TYPE
Vuln.
EXPLOITABILITY
high
IMPACT
medium
DATE
Nov'24 -
Publicly accessible SNS topic
PLATFORM
SERVICE
sns
RISK TYPE
Vuln.
EXPLOITABILITY
medium
IMPACT
medium
DATE
Nov'24 -
Publicly accessible SQS queue
PLATFORM
SERVICE
sqs
RISK TYPE
Vuln.
EXPLOITABILITY
medium
IMPACT
medium
DATE
Nov'24 -
Network Security Group exposes risky ports to the internet
PLATFORM
SERVICE
network
RISK TYPE
Vuln.
EXPLOITABILITY
high
IMPACT
medium
DATE
Nov'24 -
Public Azure Storage container
PLATFORM
SERVICE
storage
RISK TYPE
Vuln.
EXPLOITABILITY
high
IMPACT
medium
DATE
Nov'24 -
BigQuery dataset is publicly accessible
PLATFORM
SERVICE
bigquery
RISK TYPE
Vuln.
EXPLOITABILITY
high
IMPACT
high
DATE
Nov'24 -
Publicly accessible CloudSQL instance
PLATFORM
SERVICE
cloudsql
RISK TYPE
Vuln.
EXPLOITABILITY
medium
IMPACT
high
DATE
Nov'24 -
Firewall rule exposes risky ports to the internet
PLATFORM
SERVICE
gce
RISK TYPE
Vuln.
EXPLOITABILITY
high
IMPACT
medium
DATE
Nov'24 -
Compute instance using the default service account
PLATFORM
SERVICE
gce
RISK TYPE
Vuln.
EXPLOITABILITY
medium
IMPACT
high
DATE
Nov'24 -
Compute instance does not block project-wide SSH keys
PLATFORM
SERVICE
gce
RISK TYPE
Vuln.
EXPLOITABILITY
low
IMPACT
high
DATE
Nov'24 -
Secrets exposed in Lambda function environment variables
PLATFORM
SERVICE
lambda
RISK TYPE
Vuln.
EXPLOITABILITY
low
IMPACT
high
DATE
Jul'24 -
Creating a new IAM user
PLATFORM
SERVICE
iam
RISK TYPE
Attack
EXPLOITABILITY
low
IMPACT
high
DATE
Jul'24 -
Elevating access from Azure AD to Azure subscriptions
PLATFORM
SERVICE
azure-ad
RISK TYPE
Attack
EXPLOITABILITY
low
IMPACT
high
DATE
Sep'23 -
GKE cluster does not have Workload Identity enabled
PLATFORM
SERVICE
gke
RISK TYPE
Vuln.
EXPLOITABILITY
medium
IMPACT
high
DATE
Jun'23 -
Backdooring a Google Cloud service account through its IAM policy
PLATFORM
SERVICE
iam
RISK TYPE
Attack
EXPLOITABILITY
medium
IMPACT
high
DATE
Jun'23 -
Stealing a Compute Disk by sharing it
PLATFORM
SERVICE
gce
RISK TYPE
Attack
EXPLOITABILITY
low
IMPACT
high
DATE
Jun'23 -
Unauthenticated access to exposed Kubernetes dashboard
PLATFORM
SERVICE
kubernetes
RISK TYPE
Vuln.
EXPLOITABILITY
high
IMPACT
medium
DATE
Jun'23 -
Use of host network containers
PLATFORM
SERVICE
kubernetes
RISK TYPE
Vuln.
EXPLOITABILITY
medium
IMPACT
medium
DATE
Jun'23 -
Unauthenticated privileged access to Kubernetes API Server
PLATFORM
SERVICE
kubernetes
RISK TYPE
Vuln.
EXPLOITABILITY
high
IMPACT
high
DATE
Jun'23 -
Principals with cluster-admin access to Kubernetes
PLATFORM
SERVICE
kubernetes
RISK TYPE
Vuln.
EXPLOITABILITY
low
IMPACT
high
DATE
Jun'23 -
Container running as privileged
PLATFORM
SERVICE
kubernetes
RISK TYPE
Vuln.
EXPLOITABILITY
medium
IMPACT
high
DATE
May'23