Lucene search
K

5 matches found

Hacker One
Hacker One
added 2025/03/31 2:44 p.m.283 views

AWS VDP: Non-Production API Endpoints for the Neptune Graph Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The non-production API endpoints for the Neptune Graph Service were found to fail logging to CloudTrail, resulting in silent permission enumeration. Specifically, seven non-production endpoints were identified that could be used with standard IAM credentials without generating CloudTrail logs. Th...

7AI score
Exploits0
Hacker One
Hacker One
added 2025/03/04 5:14 p.m.1323 views

AWS VDP: Non-Production API Endpoints for the Forecast Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The Forecast service in Amazon Web Services AWS has four non-production API endpoints that can be accessed using standard IAM credentials, but do not log any activity to CloudTrail. This allows for silent permission enumeration, where an adversary can test the capabilities of compromised...

7AI score
Exploits0
Hacker One
Hacker One
added 2025/02/24 2:52 p.m.1443 views

AWS VDP: Non-Production API Endpoints for the DocumentDB Elastic Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The DocumentDB Elastic service was found to have three non-production API endpoints that could be accessed using standard IAM credentials without logging to CloudTrail. This allowed for silent permission enumeration, where an adversary could determine the permissions of compromised credentials...

7AI score
Exploits0
Hacker One
Hacker One
added 2025/02/07 7:50 p.m.1398 views

AWS VDP: Non-Production API Endpoints for the Datazone Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The vulnerability found in the Datazone service allows an adversary to enumerate permissions of compromised credentials without logging to CloudTrail. Forty-four non-production endpoints were identified that can be accessed using standard IAM credentials and do not generate CloudTrail logs. This...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2025/01/21 2:49 p.m.5 views

AWS VDP: Non-Production API Endpoints for the bedrock Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The bedrock service was found to have 5 non-production API endpoints that could be used with standard IAM credentials to enumerate permissions without logging to CloudTrail. The impacted endpoints allowed the invocation of bedrock:ListImportedModels and bedrock:ListModelImportJobs actions. This...

7AI score
Exploits0
Rows per page
Query Builder