all InfoSec news
AWS Amplify IAM role publicly assumable exposure
April 15, 2024, midnight |
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
with Amplify projects. This misconfiguration caused these roles to be assumable
by any other AWS account. Both the Amplify Studio and the Amplify CLI
exhibited this behavior. Any Amplify project created using the Amplify CLI
built between July 3, 2018 and August 8, 2019 had IAM roles that were assumable by
anyone in the world. AWS mitigated this vulnerability through backend changes to
STS and IAM, and also …
account amplify aws cli exposure found iam iam roles july misconfiguration project projects role roles service studio
More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database
GraphNinja
2 weeks, 5 days ago |
www.cloudvulndb.org
AWS Glue database password leakage
1 month, 1 week ago |
www.cloudvulndb.org
Azure HDInsight privilege escalation and DoS vulnerabilities
3 months, 1 week ago |
www.cloudvulndb.org
Azure Pipelines Agent poisoned pipeline execution
4 months, 4 weeks ago |
www.cloudvulndb.org
Jobs in InfoSec / Cybersecurity
Information Security Engineers
@ D. E. Shaw Research | New York City
Technology Security Analyst
@ Halton Region | Oakville, Ontario, Canada
Senior Cyber Security Analyst
@ Valley Water | San Jose, CA
Security Operations Manager-West Coast
@ The Walt Disney Company | USA - CA - 2500 Broadway Street
Vulnerability Analyst - Remote (WFH)
@ Cognitive Medical Systems | Phoenix, AZ, US | Oak Ridge, TN, US | Austin, TX, US | Oregon, US | Austin, TX, US
Senior Mainframe Security Administrator
@ Danske Bank | Copenhagen V, Denmark