5 matches found
EUVD-2026-25577
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...
Popeyes, Tim Hortons, Burger King platforms have “catastrophic” vulnerabilities, say hackers
Two ethical hackers say they have uncovered massive security vulnerabilities in the platforms hosted by Restaurant Brands International (RBI). RBI is one of the world's largest quick-service restaurant companies. It was formed in 2014 through a $12.5 billion merger of the American fast food chain...
PT-2024-35171 · Amazon · Amazon Cognito
Name of the Vulnerable Software and Affected Versions: Amazon Cognito affected versions not specified Description: The issue allows previously authenticated users to continue executing authorized API requests until their authentication token expires, even after logging out. This is because...
Strapi authorization vulnerability
Strapi is an open source content management system CMS. A security vulnerability exists in Strapi versions prior to 4.5.5 that stems from the fact that Strapi does not validate access or ID tokens issued during the OAuth process when the AWS Cognito login provider is used for authentication...
PT-2023-18757 · Amazon · Aws Cognito
Name of the Vulnerable Software and Affected Versions: Strapi versions 3.2.1 through 4.5.5 Description: The issue arises from the lack of verification of access or ID tokens issued during the OAuth flow when using the AWS Cognito login provider for authentication. This allows a remote attacker to...