aws-manager (>=0.0.1 <=0.19.8), aws-sdk-manager (>=0.0.0 <=0.0.10) +2 more potentially affected by unknown CVE via aws-sdk-cloudwatch (>=0.11.0 <=0.6.0)

aws-sdk-cloudwatch CARGO version =0.11.0, =0.0.1, =0.0.0, =0.1.3, =1.0.0, =2.0.0 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

CVE-2024-45043

The OpenTelemetry Collector module AWS firehose receiver is for ingesting AWS Kinesis Data Firehose delivery stream messages and parsing the records received based on the configured record type. awsfirehosereceiver allows unauthenticated remote requests, even when configured to require a key...

OpenTelemetry Collector < 0.108.0 Authentication Bypass

The OpenTelemetry Collector running on the remote host is prior to 0.108.0. It is, therefore, affected by a timing discrepancy vulnerability, outlined below: OpenTelemetry Collector module awsfirehosereceiver allows unauthenticated remote requests, even when configured to require a key...

OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability

Summary OpenTelemetry Collector module awsfirehosereceiver allows unauthenticated remote requests, even when configured to require a key. OpenTelemetry Collector can be configured to receive CloudWatch metrics via an AWS Firehose Stream. Firehose sets the header X-Amz-Firehose-Access-Key with an...

CVE-2024-45043 OpenTelemetry Collector AWS Firehose Receiver Authentication Bypass Vulnerability

The OpenTelemetry Collector module AWS firehose receiver is for ingesting AWS Kinesis Data Firehose delivery stream messages and parsing the records received based on the configured record type. awsfirehosereceiver allows unauthenticated remote requests, even when configured to require a key...