Cloud Security Atlas

Datadog Cloud Security Atlas is a risk register for Threats and Vulnerabilities. This database gives you the ability to search and filter on your cloud provider platform, risk type, and sort by impact, exploitability, and recency.

Test out the search below by searching for specific cloud services like EBS or S3. From there you can chart your own course to understanding risk that relates to your environment.

Spotlight

attacks Jun'23

Stealing EC2 instance credentials through the Instance Metadata Service

vulnerabilities Jun'23

EC2 instance without IMDSv2 enforced

vulnerabilities Sep'23

Security group exposes risky ports to the internet

PLATFORM

SERVICES

RISK TYPE

TITLE

PLATFORM

SERVICE

RISK TYPE

EXPLOITABILITY

IMPACT

DATE
Unauthenticated access to exposed Kubernetes dashboard

PLATFORM

SERVICE

kubernetes

RISK TYPE

Vuln.

EXPLOITABILITY

high

IMPACT

medium

DATE
Jun'23
Principals with cluster-admin access to Kubernetes

PLATFORM

SERVICE

kubernetes

RISK TYPE

Vuln.

EXPLOITABILITY

low

IMPACT

high

DATE
Jun'23
Unauthenticated privileged access to Kubernetes API Server

PLATFORM

SERVICE

kubernetes

RISK TYPE

Vuln.

EXPLOITABILITY

high

IMPACT

high

DATE
Jun'23
Stopping a CloudTrail trail

PLATFORM

SERVICE

cloudtrail

RISK TYPE

Attack

EXPLOITABILITY

low

IMPACT

medium

DATE
Sep'23
Executing commands through EC2 user data

PLATFORM

SERVICE

ec2

RISK TYPE

Attack

EXPLOITABILITY

low

IMPACT

medium

DATE
Jun'23
Launching EC2 instances

PLATFORM

SERVICE

ec2

RISK TYPE

Attack

EXPLOITABILITY

high

IMPACT

medium

DATE
Jun'23
Opening a security group to the Internet

PLATFORM

SERVICE

ec2

RISK TYPE

Attack

EXPLOITABILITY

medium

IMPACT

medium

DATE
Jun'23
Removing VPC flow logs

PLATFORM

SERVICE

ec2

RISK TYPE

Attack

EXPLOITABILITY

low

IMPACT

medium

DATE
Jun'23
Stealing an EBS snapshot by creating a snapshot and sharing it

PLATFORM

SERVICE

ec2

RISK TYPE

Attack

EXPLOITABILITY

low

IMPACT

high

DATE
Jun'23
Stealing EC2 instance credentials through the Instance Metadata Service

PLATFORM

SERVICE

ec2

RISK TYPE

Attack

EXPLOITABILITY

high

IMPACT

medium

DATE
Jun'23
Compromising AWS Console credentials

PLATFORM

SERVICE

iam

RISK TYPE

Attack

EXPLOITABILITY

medium

IMPACT

high

DATE
Jun'23
Creating a new IAM user

PLATFORM

SERVICE

iam

RISK TYPE

Attack

EXPLOITABILITY

high

IMPACT

high

DATE
Jun'23
Stealing an RDS database by creating a snapshot and sharing it

PLATFORM

SERVICE

rds

RISK TYPE

Attack

EXPLOITABILITY

medium

IMPACT

high

DATE
Jun'23
Elevating access from Azure AD to Azure subscriptions

PLATFORM

SERVICE

azure-ad

RISK TYPE

Attack

EXPLOITABILITY

low

IMPACT

high

DATE
Sep'23
Inviting external users

PLATFORM

SERVICE

azure-ad

RISK TYPE

Attack

EXPLOITABILITY

low

IMPACT

medium

DATE
Sep'23
Use of host network containers

PLATFORM

SERVICE

kubernetes

RISK TYPE

Vuln.

EXPLOITABILITY

medium

IMPACT

medium

DATE
Jun'23
Container running as privileged

PLATFORM

SERVICE

kubernetes

RISK TYPE

Vuln.

EXPLOITABILITY

medium

IMPACT

high

DATE
May'23
Executing commands on a virtual machine through Run Command

PLATFORM

SERVICE

virtual-machines

RISK TYPE

Attack

EXPLOITABILITY

medium

IMPACT

high

DATE
Sep'23
Opening a Network Security Group to the Internet

PLATFORM

SERVICE

virtual-machines

RISK TYPE

Attack

EXPLOITABILITY

medium

IMPACT

medium

DATE
Aug'23
Stealing a virtual machine disk through URL sharing

PLATFORM

SERVICE

virtual-machines

RISK TYPE

Attack

EXPLOITABILITY

high

IMPACT

high

DATE
Sep'23
Stealing a Compute Disk by sharing it

PLATFORM

SERVICE

gce

RISK TYPE

Attack

EXPLOITABILITY

low

IMPACT

high

DATE
Jun'23
Backdooring a Google Cloud service account through its IAM policy

PLATFORM

SERVICE

iam

RISK TYPE

Attack

EXPLOITABILITY

medium

IMPACT

high

DATE
Jun'23
Creating a new Google Cloud service account

PLATFORM

SERVICE

iam

RISK TYPE

Attack

EXPLOITABILITY

high

IMPACT

high

DATE
Jun'23
Inviting an external user to a Google Cloud project

PLATFORM

SERVICE

iam

RISK TYPE

Attack

EXPLOITABILITY

high

IMPACT

high

DATE
Jun'23
Publicly shared AMI

PLATFORM

SERVICE

ec2

RISK TYPE

Vuln.

EXPLOITABILITY

high

IMPACT

medium

DATE
Mar'23
Publicly shared EBS snapshot

PLATFORM

SERVICE

ec2

RISK TYPE

Vuln.

EXPLOITABILITY

high

IMPACT

high

DATE
Feb'23
EC2 instance without IMDSv2 enforced

PLATFORM

SERVICE

ec2

RISK TYPE

Vuln.

EXPLOITABILITY

low

IMPACT

high

DATE
Jun'23
Security group exposes risky ports to the internet

PLATFORM

SERVICE

ec2

RISK TYPE

Vuln.

EXPLOITABILITY

high

IMPACT

medium

DATE
Sep'23
IAM role can be assumed by anyone

PLATFORM

SERVICE

iam

RISK TYPE

Vuln.

EXPLOITABILITY

medium

IMPACT

high

DATE
Mar'23
IAM user with old access keys

PLATFORM

SERVICE

iam

RISK TYPE

Vuln.

EXPLOITABILITY

medium

IMPACT

high

DATE
Feb'23
IAM user with Console access does not have MFA

PLATFORM

SERVICE

iam

RISK TYPE

Vuln.

EXPLOITABILITY

medium

IMPACT

high

DATE
Mar'23
Active root user access keys

PLATFORM

SERVICE

iam

RISK TYPE

Vuln.

EXPLOITABILITY

medium

IMPACT

high

DATE
Feb'23
Usage of the root user

PLATFORM

SERVICE

iam

RISK TYPE

Vuln.

EXPLOITABILITY

medium

IMPACT

high

DATE
Feb'23
Lambda function is publicly accessible through function URL

PLATFORM

SERVICE

lambda

RISK TYPE

Vuln.

EXPLOITABILITY

medium

IMPACT

medium

DATE
Feb'23
Publicly accessible RDS instance

PLATFORM

SERVICE

rds

RISK TYPE

Vuln.

EXPLOITABILITY

medium

IMPACT

high

DATE
Feb'23
Publicly shared RDS snapshot

PLATFORM

SERVICE

rds

RISK TYPE

Vuln.

EXPLOITABILITY

high

IMPACT

high

DATE
Feb'23
Public S3 bucket through bucket ACL

PLATFORM

SERVICE

s3

RISK TYPE

Vuln.

EXPLOITABILITY

high

IMPACT

medium

DATE
Aug'23
Public S3 bucket through bucket policy

PLATFORM

SERVICE

s3

RISK TYPE

Vuln.

EXPLOITABILITY

high

IMPACT

medium

DATE
Aug'23
Publicly accessible SNS topic

PLATFORM

SERVICE

sns

RISK TYPE

Vuln.

EXPLOITABILITY

medium

IMPACT

medium

DATE
Feb'23
Publicly accessible SQS queue

PLATFORM

SERVICE

sqs

RISK TYPE

Vuln.

EXPLOITABILITY

medium

IMPACT

medium

DATE
Mar'23
Network Security Group exposes risky ports to the internet

PLATFORM

SERVICE

network

RISK TYPE

Vuln.

EXPLOITABILITY

high

IMPACT

medium

DATE
Sep'23
Public Azure Storage container

PLATFORM

SERVICE

storage

RISK TYPE

Vuln.

EXPLOITABILITY

high

IMPACT

medium

DATE
Sep'23
BigQuery dataset is publicly accessible

PLATFORM

SERVICE

bigquery

RISK TYPE

Vuln.

EXPLOITABILITY

high

IMPACT

high

DATE
Sep'23
Publicly accessible CloudSQL instance

PLATFORM

SERVICE

cloudsql

RISK TYPE

Vuln.

EXPLOITABILITY

medium

IMPACT

high

DATE
Jun'23
Firewall rule exposes risky ports to the internet

PLATFORM

SERVICE

gce

RISK TYPE

Vuln.

EXPLOITABILITY

high

IMPACT

medium

DATE
Sep'23
Compute instance using the default service account

PLATFORM

SERVICE

gce

RISK TYPE

Vuln.

EXPLOITABILITY

medium

IMPACT

high

DATE
Jun'23
Compute instance does not block project-wide SSH keys

PLATFORM

SERVICE

gce

RISK TYPE

Vuln.

EXPLOITABILITY

low

IMPACT

high

DATE
Jun'23
GKE cluster does not have Workload Identity enabled

PLATFORM

SERVICE

gke

RISK TYPE

Vuln.

EXPLOITABILITY

medium

IMPACT

high

DATE
Jun'23

Cloud Security Atlas

Spotlight

Unauthenticated access to exposed Kubernetes dashboard

Principals with cluster-admin access to Kubernetes

Unauthenticated privileged access to Kubernetes API Server

Stopping a CloudTrail trail

Executing commands through EC2 user data

Launching EC2 instances

Opening a security group to the Internet

Removing VPC flow logs

Stealing an EBS snapshot by creating a snapshot and sharing it

Stealing EC2 instance credentials through the Instance Metadata Service

Compromising AWS Console credentials

Creating a new IAM user

Stealing an RDS database by creating a snapshot and sharing it

Elevating access from Azure AD to Azure subscriptions

Inviting external users

Use of host network containers

Container running as privileged

Executing commands on a virtual machine through Run Command

Opening a Network Security Group to the Internet

Stealing a virtual machine disk through URL sharing

Stealing a Compute Disk by sharing it

Backdooring a Google Cloud service account through its IAM policy

Creating a new Google Cloud service account

Inviting an external user to a Google Cloud project

Publicly shared AMI

Publicly shared EBS snapshot

EC2 instance without IMDSv2 enforced

Security group exposes risky ports to the internet

IAM role can be assumed by anyone

IAM user with old access keys

IAM user with Console access does not have MFA

Active root user access keys

Usage of the root user

Lambda function is publicly accessible through function URL

Publicly accessible RDS instance

Publicly shared RDS snapshot

Public S3 bucket through bucket ACL

Public S3 bucket through bucket policy

Publicly accessible SNS topic

Publicly accessible SQS queue

Network Security Group exposes risky ports to the internet

Public Azure Storage container

BigQuery dataset is publicly accessible

Publicly accessible CloudSQL instance

Firewall rule exposes risky ports to the internet

Compute instance using the default service account

Compute instance does not block project-wide SSH keys

GKE cluster does not have Workload Identity enabled