The Cloudflare Bug Bounty program and Cloudflare Pages
Cloudflare collaborated with Assetnote through their Public Bug Bounty program, discovering and patching vulnerabilities in Cloudflare Pages. The team re-architected the platform to use gVisor for further isolation of builds. They shared information about the research that could help others make their infrastructure more secure and encouraged participation in their bug bounty program. The post detailed six bugs discovered, including command injection vulnerabilities, API key disclosure, Bash path injection, Azure pipeline escape, and Kubernetes control plane secrets exposure. Cloudflare notified customers who might have been exposed to the vulnerabilities and thanked the security researchers for their collaboration.
Company
Cloudflare
Date published
May 6, 2022
Author(s)
Evan Johnson, Natalie Rogers
Word count
1749
Language
English
Hacker News points
None found.