2 matches found
CVE-2024-28056
Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...
CVE-2024-28056
CVE-2024-28056 affects Amazon AWS Amplify CLI versions before 12.10.1. The issue arises when the Authentication component is removed from an Amplify project, which leaves the policy in an IAM role with “Effect”: “Allow” but without the Condition, enabling sts:AssumeRoleWithWebIdentity to be usabl...