
The Cloudflare Bug Bounty program and Cloudflare Pages

What's this blog post about?

Cloudflare collaborated with Assetnote through Cloudflare's Public Bug Bounty program, and together they discovered and patched vulnerabilities in Cloudflare Pages. The team re-architected the platform to use gVisor for further isolation of builds. The post shares details of the research that could help others make their infrastructure more secure, and encourages participation in the bug bounty program. It details six bugs, including command injection vulnerabilities, API key disclosure, Bash path injection, Azure pipeline escape, and Kubernetes control plane secrets exposure. Cloudflare notified customers who might have been exposed to the vulnerabilities and thanked the security researchers for their collaboration.

Company
Cloudflare

Date published
May 6, 2022

Author(s)
Evan Johnson, Natalie Rogers

Word count
1749

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.