JAKARTA - Cybersecurity firm Tenable discovered a serious vulnerability in Oracle Cloud Infrastructure (OCI) that attackers can use to run malicious code on servers remotely.
The flaw was found in Code Editor, a feature of Oracle Cloud Shell that developers commonly use to manage Oracle Cloud services.
According to Tenable, by exploiting this flaw, attackers can take over users' work environments in the cloud, execute arbitrary commands, steal sensitive data, and even access other important services such as Resource Manager, Functions, and Data Science.
Worse yet, the flaw could lead to broader system infiltration.
So, once the user opens Cloud Shell again, the code runs immediately and gives the attacker access.
Tenable calls this problem part of the "Jenga Concept": the idea that cloud services are built stacked on top of one another.
If one part has a problem, it can affect the other systems connected to it.
"Similar to the game of Jenga, extracting one block can endanger the integrity of the entire structure," Liv Matan, Senior Security Researcher at Tenable, said in a statement quoted on Sunday, July 20.
Oracle has already fixed the problem.
Users do not need to take any additional action, but the findings are an important reminder that security risks in cloud services still need to be watched.