Amazon AWS Cloud Development Kit

4 matches found

CVE
added 2023/06/23 8:32 p.m. | 182 views

CVE-2023-35165

CVE-2023-35165 concerns the AWS CDK EKS trust policies. In affected releases of aws-cdk-lib (2.0.0–2.80.0) and @aws-cdk/aws-eks (1.57.0–1.202.0), eks.Cluster and eks.FargateCluster create two roles, CreationRole and default MastersRole, with overly permissive trust policies. The CreationRole is u...

8.8 CVSS | 7.8 AI score | 0.00897 EPSS
CVE
added 2024/08/27 6:33 p.m. | 76 views

CVE-2024-45037

The CVE affects the AWS CDK RestApi with CognitoUserPoolAuthorizer. Under certain conditions, authenticated Cognito users may gain unintended access to protected API resources/methods, though API availability is not affected. Affected CDK versions are >=2.142.0 and =2.148.1; upgra...

6.4 CVSS | 7 AI score | 0.00314 EPSS
CVE
added 2025/01/17 8:34 p.m. | 68 views

CVE-2025-23206

The CVE-2025-23206 issue affects AWS CDK (IAM OIDC custom resource workflow). The tls.connect call sets rejectUnauthorized: false, enabling potential MITM risk when downloading CA thumbprints. A patch is in progress; remediation guidance in the connected docs recommends upgrading to CDK v2.177.0 ...

8.1 CVSS | 7 AI score | 0.00312 EPSS
CVE
added 2025/03/21 2:14 p.m. | 61 views

CVE-2025-2598

CVE-2025-2598 (AWS CDK CLI): When using the AWS CDK CLI with a credential plugin that returns an expiration property, credentials may be printed to console output. The issue is mitigated by upgrading to version 2.178.2 or later and patching any forked/derivative code. Public references indicate ...

5.7 CVSS | 5.7 AI score | 0.00255 EPSS