Cross-account flaws suggest a chilling reality for cloud customers: that their cloud instances aren’t necessarily isolated from those of provider’s other customers. Researchers Ami Luttwak and Shir Tamari of cloud security startup Wiz.io say their latest findings underscore the need for a CVE-type repository where cloud providers and researchers can share vulnerability information. The industry needs a database that lists cloud vulns, “a ‘CVE’ system for the cloud,” Tamari said. An AWS spokesperson says the issues reported by the researchers aren’t vulnerabilities but instead configuration choices.”]
Source: https://www.darkreading.com/cloud/researchers-call-for-cve-approach-for-cloud-vulnerabilities