6 matches found
CVE-2025-14759
Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...
GHSA-3G75-Q268-R9R6 Amazon S3 Encryption Client has a Key Commitment Issue
Summary S3 Encryption Client for Go is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible Salamanders"...
GHSA-X44P-GVRJ-PJ2R Amazon S3 Encryption Client for Java has a Key Commitment Issue
Summary S3 Encryption Client for Java is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible Salamander...
CVE-2025-14763
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...
CVE-2025-14759
The CVE-2025-14759 issue affects the Amazon S3 Encryption Client for .NET. When the encrypted data key (EDK) is stored in an Instruction File instead of S3 metadata, missing cryptographic key commitment could allow a user with write access to the bucket to introduce a rogue EDK and decrypt to a d...
CVE-2025-14759
Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...