26 matches found
EUVD-2022-1000
Malicious code in bioql PyPI...
CVE-2023-51386
Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned...
Design/Logic Flaw
Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned...
CVE-2023-51386 Sandbox Accounts for Events vulnerable to privilege escalation to read running events data
Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned...
CVE-2023-51386
CVE-2023-51386 affects Sandbox Accounts for Events. An authenticated user could read data from the events table by sending requests to the events API, exposing information such as planned events, timeframes, budgets, and owner email addresses. The issue has been patched in version 1.10.0. Affecte...
CVE-2023-50928
"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event...
Deserialization of untrusted data
"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event...
CVE-2023-50928 sandbox-accounts-for-events security misconfiguration leads to budget exceed
"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event...
CVE-2023-50928 sandbox-accounts-for-events security misconfiguration leads to budget exceed
"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event...
CVE-2023-50928
CVE-2023-50928 affects the Sandbox Accounts for Events tool. Affected: Sandbox Accounts for Events prior to version 1.1.0. Root cause: access control misconfiguration allows an authenticated user to claim and access empty AWS accounts by sending payloads to the account API with non-existent event...
PT-2023-31713 · Unknown · Sandbox Accounts For Events
Name of the Vulnerable Software and Affected Versions: Sandbox Accounts for Events versions prior to 1.1.0 Description: The issue allows authenticated users to potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and...
Amazon Sandbox Accounts for Events Access Control Error Vulnerability
Amazon Sandbox Accounts for Events is an application from Amazon.com, Inc. It allows multiple temporary AWS accounts to be provisioned to multiple authenticated users at the same time through a browser-based GUI. An access control error vulnerability exists in Amazon Sandbox Accounts for Events...
PT-2023-31801 · Unknown · Sandbox Accounts For Events
Name of the Vulnerable Software and Affected Versions: Sandbox Accounts for Events versions prior to 1.10.0 Description: The issue allows authenticated users to potentially read data from the events table by sending request payloads to the "events API", collecting information on planned events,...
Amazon Sandbox Accounts for Events Security Breach
Amazon Sandbox Accounts for Events is an application from Amazon.com, Inc. It allows multiple temporary AWS accounts to be made available to multiple authenticated users at the same time through a browser-based GUI. A security vulnerability exists in Amazon Sandbox Accounts for Events prior to...
Updated nats-server packages fix security vulnerability
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. CVE-2022-24450...
Privilege Escalation
github.com/nats-io/nats-server is vulnerable to privilege escalation. The vulnerability exists due to the weak permission in the "dynamically provisioned sandbox accounts" feature., allowing an unauthorized user to access System account...
GHSA-G6W6-R76C-28J7 Incorrect Authorization in NATS nats-server
This advisory is canonically Problem Description NATS nats-server through 2022-02-04 has Incorrect Access Control, with unchecked ability for clients to authorize into any account, because of a coding error in a long-extant experimental feature. A client crafting the initial protocol-level...
Incorrect Authorization in NATS nats-server
This advisory is canonically Problem Description NATS nats-server through 2022-02-04 has Incorrect Access Control, with unchecked ability for clients to authorize into any account, because of a coding error in a long-extant experimental feature. A client crafting the initial protocol-level...
CVE-2022-24450
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature...
CVE-2022-24450
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature...