Web: https://www.cloudvulndb.org/aws-appsync-confused-deputy

Nov. 21, 2022, midnight

The Open Cloud Vulnerability & Security Issue Database cloudvulndb.org

Prior to September 6, 2022, the AWS AppSync service could be coerced
to assume arbitrary roles which trusted the AppSync service. This was
due to insufficient validation of a serviceRoleArn parameter, allowing
an attacker to specify roles in other accounts. With this vulnerability,
an adversary could invoke arbitrary AWS API calls with the compromised role.
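
An added example, not part of the original entry or any AWS code: a Python audit of IAM role trust policies that finds roles trusting the AppSync service and reports whether that trust is bounded by aws:SourceArn or aws:SourceAccount. Treating those global condition keys as the bound for AppSync trust is an assumption drawn from general AWS confused-deputy guidance; the sample policies, role names, account id and ARN are constructed.

```python
SERVICE = "appsync.amazonaws.com"
# Assumption: trust is bounded with the global keys aws:SourceArn / aws:SourceAccount.
SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount"}
# Operators that fail when the key is absent (the ...IfExists variants do not).
STRICT_OPERATORS = {"stringequals", "stringlike", "arnequals", "arnlike"}

def _as_list(value):
    """IAM allows a scalar or a list for Statement, Action and Principal.Service."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _is_scoped(condition):
    """True if a strict operator pins aws:SourceArn or aws:SourceAccount."""
    return any(op.lower() in STRICT_OPERATORS
               and any(k.lower() in SCOPING_KEYS for k in keys)
               for op, keys in (condition or {}).items())

def audit_trust_policy(role_name, policy):
    """One finding per Allow statement that lets AppSync assume the role."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if (stmt.get("Effect") == "Allow"
                and actions & {"sts:assumerole", "sts:*", "*"}
                and SERVICE in (s.lower() for s in services)):
            findings.append({"role": role_name, "scoped": _is_scoped(stmt.get("Condition"))})
    return findings

def audit_all(roles):
    """Audit a {role name: trust policy document} mapping."""
    return [f for name, doc in roles.items() for f in audit_trust_policy(name, doc)]

# Constructed sample trust policies; role names, account id and ARN are made up.
SAMPLE_ROLES = {
    "ds-unscoped": {"Statement": {"Effect": "Allow", "Action": "sts:AssumeRole",
                                  "Principal": {"Service": SERVICE}}},
    "ds-scoped": {"Statement": [{"Effect": "Allow", "Action": ["sts:AssumeRole"],
        "Principal": {"Service": ["lambda.amazonaws.com", SERVICE]},
        "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333"}}}]},
    "ds-ifexists": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"Service": SERVICE}, "Condition": {"ArnLikeIfExists": {
            "aws:SourceArn": "arn:aws:appsync:us-east-1:111122223333:apis/*"}}}]},
    "lambda-only": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"Service": "lambda.amazonaws.com"}}]},
}

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_ROLES):
        print(finding)
```

Roles reported with `scoped: False` are the ones whose trust in the AppSync service carries no hard bound on which account or API is making the request.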

appsync aws
