4 matches found
Token Leakage
sagemakertrainin is vulnerable to Token Leakage. The vulnerability is due to the logging of CodeArtifact authorization tokens in log files, which, when pushed to CloudWatch Log streams, It can allow unauthorized access to CodeArtifact resources...
AWS SageMaker Training Toolkit logs CodeArtifact Authorization token
Description For SageMaker Training Toolkit1 versions 4.7.4; 4.7.3; 4.7.2; 4.7.1; 4.7.0, the authorization tokens for CodeArtifact temporary token with an expiration of 12 hours were logged in the log files when the CodeArtifact capability was enabled. If customers push these log files to their...
GHSA-635V-PC42-FR74 AWS SageMaker Training Toolkit logs CodeArtifact Authorization token
Description For SageMaker Training Toolkit1 versions 4.7.4; 4.7.3; 4.7.2; 4.7.1; 4.7.0, the authorization tokens for CodeArtifact temporary token with an expiration of 12 hours were logged in the log files when the CodeArtifact capability was enabled. If customers push these log files to their...
PT-2024-40110 · Amazon · Cloudwatch +2
Name of the Vulnerable Software and Affected Versions: SageMaker Training Toolkit versions 4.7.0 through 4.7.4 Description: The issue concerns the logging of authorization tokens for CodeArtifact in log files when the CodeArtifact capability is enabled. These tokens have an expiration of 12 hours...