csp_security_mistakes by SummitRoute

Cloud security mistakes tracker for AWS, Azure, and GCP

Created 3 years ago
726 stars

Top 47.5% on SourcePulse

Project Summary

This repository serves as a historical record of security mistakes made by major cloud service providers (AWS, GCP, Azure). It aims to hold providers accountable by documenting vulnerabilities, misconfigurations, and security incidents that fall on their side of the shared responsibility model, providing a valuable resource for security researchers and cloud users.

How It Works

The project compiles a list of security issues, categorizing them by cloud provider and detailing the vulnerability, its impact, discovery date, and potential customer actions. It focuses on issues within the provider's services or client software, excluding business decisions or incidents not directly affecting cloud customers.

Highlighted Details

  • Lists security mistakes by AWS, GCP, and Azure, including CVEs, bug bounties, and incidents.
  • Provides details such as vulnerability summary, platform, severity, discovery date, discoverer, customer action, and references.
  • Includes critical vulnerabilities like ChaosDB (Azure CosmosDB data compromise) and OMIGOD (Azure agent RCE).
  • Documents numerous AWS issues, including IAM policy bypasses, S3 vulnerabilities, and CloudFormation service exploits.

Maintenance and Community

This repository is marked as replaced by cloudvulndb.org. New security mistakes should be reported to the new platform.

Licensing and Compatibility

The repository content is not explicitly licensed, but the project itself is hosted on GitHub.

Limitations and Caveats

The repository is a historical archive and is no longer actively maintained for new findings, directing users to cloudvulndb.org. The definition of a "mistake" is opinionated and may not cover all potential security concerns.

Health Check

  • Last Commit: 3 years ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 0

Star History

1 star in the last 30 days
