
6 matches found

RedhatCVE
added 2025/05/23 4:37 a.m., 13 views

CVE-2023-35165

AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages aws-cdk-lib 2.0.0 until 2.80.0 and @aws-cdk/aws-eks 1.57.0 until 1.202.0, eks.Cluster and eks.FargateCluster...

8.8 CVSS, 7.4 AI score, 0.00065 EPSS
Exploits: 1, References: 1

Prion
added 2023/06/23 9:15 p.m., 10 views

Code injection

AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages aws-cdk-lib 2.0.0 until 2.80.0 and @aws-cdk/aws-eks 1.57.0 until 1.202.0, eks.Cluster and eks.FargateCluster...

6.5 CVSS, 8.9 AI score, 0.00065 EPSS
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2023/06/23 8:32 p.m., 13 views

CVE-2023-35165 AWS CDK EKS overly permissive trust policies

AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages aws-cdk-lib 2.0.0 until 2.80.0 and @aws-cdk/aws-eks 1.57.0 until 1.202.0, eks.Cluster and eks.FargateCluster...

6.6 CVSS, 7.4 AI score, 0.00065 EPSS
Exploits: 1, References: 2

Veracode
added 2023/06/21 4:1 a.m., 19 views

Overly Permissive Trust Policies

aws-cdk is vulnerable to Overly Permissive Trust Policies. The vulnerability exists because the library's CreationRole and the default MastersRole use the account root principal in their trust policy, which allows eks.Cluster and eks.FargateCluster construct clusters to create two roles that have...

8.8 CVSS, 6.8 AI score, 0.00065 EPSS
Exploits: 1, References: 7, Affected Software: 2

Github Security Blog
added 2023/06/19 10:47 p.m., 17 views

AWS CDK EKS overly permissive trust policies

If you are using the eks.Cluster or eks.FargateCluster construct we need you to take action. Other users are not affected and can stop reading. Impact: The AWS Cloud Development Kit (CDK) allows for the definition of Amazon Elastic Container Service for Kubernetes (EKS) clusters. eks.Cluster and...

8.8 CVSS, 7.3 AI score, 0.00065 EPSS
Exploits: 1, References: 4, Affected Software: 2

OSV
added 2023/06/19 10:47 p.m., 23 views

GHSA-RX28-R23P-2QC3 AWS CDK EKS overly permissive trust policies

If you are using the eks.Cluster or eks.FargateCluster construct we need you to take action. Other users are not affected and can stop reading. Impact: The AWS Cloud Development Kit (CDK) allows for the definition of Amazon Elastic Container Service for Kubernetes (EKS) clusters. eks.Cluster and...

6.6 CVSS, 7.9 AI score, 0.00065 EPSS
Exploits: 1, References: 4