#EnvironmentVariables

High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

by

November 15, 2024 at 02:46AM A high-severity vulnerability (CVE-2024-10979) in PostgreSQL allows unprivileged users to modify environment variables, potentially enabling arbitrary code execution and information disclosure. With a CVSS score of 8.8, it has been patched in recent PostgreSQL versions. Users are advised to implement strict permissions on extensions and functions. ### Meeting Takeaways – … Read more

Cloud Users Warned of Data Exposure Risk From Command-Line Tools

by

April 16, 2024 at 11:00AM Cloud security firm Orca warned about how certain command-line tools from major cloud service providers expose sensitive information in the form of environment variables, posing security risks. Microsoft Azure, AWS, and Google Cloud confirmed the issue and provided guidance on safeguarding sensitive data. Orca discovered this issue impacting not just … Read more