CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
15.5%
Amazon AWS Amplify CLI is vulnerable to Privilege Escalation. The vulnerability is due to the mishandling of role trust policies when the Authentication component is removed, leaving "Effect":"Allow"
in place without conditions, thus exposing sts:AssumeRoleWithWebIdentity
to potential misuse.
aws.amazon.com/security/security-bulletins/AWS-2024-003/
github.com/advisories/GHSA-846g-p7hm-f54r
github.com/aws-amplify/amplify-cli/blob/8ad57bf99a404f3c92547c8a175458016f682fac/packages/amplify-provider-awscloudformation/resources/update-idp-roles-cfn.json
github.com/aws-amplify/amplify-cli/commit/73b08dc424db2fb60399c5343c314e02e849d4a1
github.com/aws-amplify/amplify-cli/releases/tag/v12.10.1
securitylabs.datadoghq.com/articles/amplified-exposure-how-aws-flaws-made-amplify-iam-roles-vulnerable-to-takeover/