4 matches found
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Amazon AWS S3 Crypto SDK for GoLang (CVE-2020-8912)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Amazon AWS S3 Crypto SDK for GoLang caused by a flaw in the in-band key negotiation. CVE-2020-8912. Amazon AWS S3 Crypto SDK for GoLang is included as part of the Base OS...
CVE-2020-8912
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...
CVE-2020-8912 vulnerabilities
Vulnerabilities for packages: external-secrets-operator, opentelemetry-collector, grafana, cloud-sql-proxy, gatekeeper, cluster-autoscaler, k3d, kots, loki, mattermost, argo-cd, zot, kube-arangodb...
CVE-2020-8912
CVE-2020-8912 concerns the AWS S3 Crypto SDK for Go, affected in GoLang SDKs before version 2. The bug is in-band key negotiation which allows a user with write access to a bucket to alter the encryption algorithm of an object (e.g., switch from AES-GCM to AES-CTR). When combined with a decryptio...