
22 matches found

RedhatCVE
added 2025/10/24 3:40 p.m. · 4 views

CVE-2025-59048

OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a...

CVSS 8.1 · AI score 6.7 · EPSS 0.00221
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-28552

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00541
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2024-1151

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9 · EPSS 0.01665
Exploits 2 · References 9
The Hacker News
added 2025/05/20 12:42 p.m. · 40 views

AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts. "These roles, often...

AI score 7.9
Exploits 0
The Hacker News
added 2024/10/24 1:0 p.m. · 20 views

AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that could have resulted in an account takeover under specific circumstances. "The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access...

AI score 7.1
Exploits 0
OSV
added 2024/05/20 8:36 p.m. · 25 views

GHSA-XCQ4-M2R3-CMRJ Trivy possibly leaks registry credential when scanning images from malicious registries

Impact: If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registr...

CVSS 5.5 · AI score 5.5 · EPSS 0.0019
Exploits 0 · References 4
Github Security Blog
added 2024/04/15 6:30 p.m. · 20 views

AWS Amplify CLI has incorrect trust policy management

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...

CVSS 9.8 · AI score 7.1 · EPSS 0.01665
Exploits 2 · References 7 · Affected Software 1
OSV
added 2024/04/15 6:15 p.m. · 21 views

CVE-2024-28056

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...

CVSS 9.8 · AI score 6.5
Exploits 0 · References 5
NVD
added 2024/04/15 6:15 p.m. · 21 views

CVE-2024-28056

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...

CVSS 9.8 · AI score 6.5 · EPSS 0.01665
Exploits 2 · References 5
Cvelist
added 2024/04/15 12:0 a.m. · 25 views

CVE-2024-28056

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...

AI score 6.7 · EPSS 0.01665
Exploits 2 · References 5
Vulnrichment
added 2024/04/15 12:0 a.m. · 8 views

CVE-2024-28056

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...

AI score 9.5 · EPSS 0.01665
Exploits 2 · References 5
CVE
added 2024/04/15 12:0 a.m. · 83 views

CVE-2024-28056

CVE-2024-28056 affects Amazon AWS Amplify CLI versions before 12.10.1. The issue arises when the Authentication component is removed from an Amplify project, which leaves the policy in an IAM role with “Effect”: “Allow” but without the Condition, enabling sts:AssumeRoleWithWebIdentity to be usabl...

CVSS 9.8 · AI score 6.7 · EPSS 0.01665
Exploits 2 · References 5 · Affected Software 1
Positive Technologies
added 2024/04/15 12:0 a.m. · 4 views

PT-2024-22240 · Amazon · Amazon Aws Amplify Cli

Name of the Vulnerable Software and Affected Versions: Amazon AWS Amplify CLI versions prior to 12.10.1. Description: The issue arises when the Authentication component is removed from an Amplify project, resulting in the removal of a Condition property but leaving "Effect":"Allow" present. This...

CVSS 9.8 · AI score 9.1 · EPSS 0.01665
Exploits 2 · References 17
NVD
added 2023/01/03 9:15 p.m. · 9 views

CVE-2022-23506

Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not properly mask secrets generated via packer builds. This can lead to exposur...

CVSS 7.5 · AI score 5.3 · EPSS 0.00541
Exploits 0 · References 2
CVE
added 2023/01/03 8:4 p.m. · 66 views

CVE-2022-23506

CVE-2022-23506 affects Spinnaker’s Rosco microservice. Prior to versions 1.29.2, 1.28.4, and 1.27.3, Rosco did not properly mask secrets generated during Packer builds, which could expose AWS credentials in log files. The issue is mitigated in 1.29.2, 1.28.4, and 1.27.3+ fixes. A workaround recom...

CVSS 7.5 · AI score 5.8 · EPSS 0.00541
Exploits 0 · References 2 · Affected Software 1
Imperva Blog
added 2022/02/24 3:6 p.m. · 10 views

Let’s Get Under the Hood of Imperva Snapshot

A stress-free guide for the prudent cloud operator. With minimal setup, Imperva Snapshot enables you to immediately start your in-depth Amazon Web Services (AWS) RDS database assessment. With no prior training required, cloud operators can use this useful tool to pinpoint deficiencies in their...

AI score 0.2
Exploits 0
Imperva Blog
added 2021/07/04 5:43 p.m. · 108 views

Securely Managing Entitlement of S3 Resources

Here we’ll talk about securely managing entitlements of S3 resources including managing access control to S3 objects and utilizing audit logging to keep track of the usage of shared resources. Amazon’s AWS services allow for accounts to grant access to resources from other accounts on AWS. This...

AI score 1
Exploits 0
Kitploit
added 2020/08/01 12:30 p.m. · 62 views

Cloudsplaining - An AWS IAM Security Assessment Tool That Identifies Violations Of Least Privilege And Generates A Risk-Prioritized Report

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report. For full documentation, please visit the project on ReadTheDocs...

AI score 7.5
Exploits 0 · References 10
Trend Micro Simply Security
added 2020/07/07 7:11 p.m. · 42 views

Automatic Visibility And Immediate Security with Trend Micro + AWS Control Tower

Things fail. It happens. A core principle of building well in the AWS Cloud is reliability. Dr. Vogels said it best, “How can you reduce the impact of failure on your customers?” He uses the term “blast radius” to describe this principle. One of the key methods for reducing blast radius is the AW...

AI score 0.4
Exploits 0
Veeam
added 2020/07/07 12:0 a.m. · 17 views

How to work with Amazon EBS encryption using Veeam Backup for AWS

Challenge: You want to back up or restore instances with encrypted volumes. You receive one of the following related errors while working with encrypted volumes: Encrypted snapshots with EBS default key cannot be shared The default encryption key in the region of your service account is aws/ebs...

AI score 6.5
Exploits 0 · Affected Software 1