Extend Wiz to your Developers: Enable secure cloud development with agility

New capabilities extend Wiz CNAPP to secure the entire software pipeline, enabling organizations to securely develop for the cloud...

Code injection

AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages aws-cdk-lib 2.0.0 until 2.80.0 and @aws-cdk/aws-eks 1.57.0 until 1.202.0, eks.Cluster and eks.FargateCluster...

CVE-2023-35165 AWS CDK EKS overly permissive trust policies

AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages aws-cdk-lib 2.0.0 until 2.80.0 and @aws-cdk/aws-eks 1.57.0 until 1.202.0, eks.Cluster and eks.FargateCluster...

AWS Cloud Development Kit 安全漏洞

AWS Cloud Development Kit is an open source software development framework for defining cloud infrastructure in code and configuring it via AWS CloudFormation. A security vulnerability exists in AWS Cloud Development Kit that stems from two roles created by eks.Cluster and eks.FargateCluster that...

@98kb/ecr-image-tagger-construct (>=1.0.0 <=1.0.2), @akamaistro/cdktf (>=1.0.1 <=1.8.0) +1081 more potentially affected by CVE-2023-35165 via aws-cdk-lib (>=2.0.0 <=2.7.0)

aws-cdk-lib NPM version =2.0.0, =1.0.0, =1.0.1, =0.0.1, =0.0.1, =0.0.1, =2.0.0, =0.1.0, =0.2.0, =2.1.0, =2.2.0, =2.3.6, =2.1.0, =2.1.0, =2.0.0-beta, =2.2.0 and more Source cves: CVE-2023-35165 Source advisory: OSV:GHSA-RX28-R23P-2QC3...

PT-2023-25176 · Amazon · @Aws-Cdk/Aws-Eks +2

Name of the Vulnerable Software and Affected Versions: aws-cdk-lib versions 2.0.0 through 2.80.0 @aws-cdk/aws-eks versions 1.57.0 through 1.202.0 Description: The issue concerns the AWS Cloud Development Kit AWS CDK, an open-source software development framework. In the affected packages,...

HP Helion Cloud Development Platform restriction bypass

Same key is used in different installations...

CVE-2014-7878

The Application Lifecycle Service ALS in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys fo...

CVE-2014-7878

The CVE-2014-7878 issue affects HP Helion Cloud Development Platform 1.0: the Application Lifecycle Service (ALS) Seed Node image contains identical security keys across different customer installations, enabling a remote attacker with a VM derived from the Seed Node image to connect to other VMs...