EUVD-2022-2802

Malicious code in bioql PyPI...

EUVD-2022-3396

Malicious code in bioql PyPI...

GHSA-6HMM-77R2-H6HR Missing permission checks in Jenkins Amazon EC2 Plugin

Amazon EC2 Plugin 1.47 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...

GHSA-9HVF-PFQ3-7PP6 CSRF vulnerability in Jenkins Amazon EC2 Plugin

Amazon EC2 Plugin 1.47 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...

Cross-Regional Disaster Recovery with Elasticsearch

Unsurprisingly, here at Rewind, we've got a lot of data to protect over 2 petabytes worth. One of the databases we use is called Elasticsearch ES or Opensearch, as it is currently known in AWS. To put it simply, ES is a document database that facilitates lightning-fast search results. Speed is...

Autovpn - Create On Demand Disposable OpenVPN Endpoints On AWS

Script that allows the easy creation of OpenVPN endpoints in any AWS region. To create a VPN endpoint is done with a single command takes 3 minutes. It will create the proper security groups. It spins up a tagged ec2 instance and configures OpenVPN software. Once instance is configured an OpenVPN...

SUSE SLES12 Security Update : python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (SUSE-SU-2020:0555-1)

This update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, python-jsonpatch, python-jsonpointer, python-scandir, python-PyYAML fixes the...

CVE-2020-2090

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...

██████: Remote Code Execution on Proxy Service (as root)

The proxy service used to provide researchers with access to certain programs on ██████ allows access to AWS's Metadata API. This Metadata API in turn is configured to expose temporary AWS access credentials for the AWS EC2 Run Command role. When this role is assumed by an AWS client e.g. the CLI...

AWS OpenVPN Deployment Tool: AutoVPN

AWS OpenVPN Deployment Tool Dependencies: boto and paramiko python packages and aws .credentials file on system 1. Clone repo to system. 2. Execute autovpn with -C -k and -r options to deploy to AWS ./autovpn -C -r us-east-1 -k macbook 3. OpenVPN config files are downloaded to current working...