CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-35165 – AWS CDK EKS overly permissive trust policies
https://notcve.org/view.php?id=CVE-2023-35165
AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages `aws-cdk-lib` 2.0.0 until 2.80.0 and `@aws-cdk/aws-eks` 1.57.0 until 1.202.0, `eks.Cluster` and `eks.FargateCluster` constructs create two roles, `CreationRole` and `default MastersRole`, that have an overly permissive trust policy. The first, referred to as the `CreationRole`, is used by lambda handlers to create the cluster and deploy Kubernetes resources (e.g `KubernetesManifest`, `HelmChart`, ...) onto it. Users with CDK version higher or equal to 1.62.0 (including v2 users) may be affected. The second, referred to as the `default MastersRole`, is provisioned only if the `mastersRole` property isn't provided and has permissions to execute `kubectl` commands on the cluster. Users with CDK version higher or equal to 1.57.0 (including v2 users) may be affected. The issue has been fixed in `@aws-cdk/aws-eks` v1.202.0 and `aws-cdk-lib` v2.80.0. These versions no longer use the account root principal. • https://github.com/aws/aws-cdk/issues/25674 https://github.com/aws/aws-cdk/security/advisories/GHSA-rx28-r23p-2qc3 • CWE-863: Incorrect Authorization •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 3CVE-2023-33248
https://notcve.org/view.php?id=CVE-2023-33248
Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful. • https://arxiv.org/abs/2305.10358 https://cios2023.org/papers https://github.com/reveondivad/nuance https://sites.google.com/view/nuitattack/home https://www.usenix.org/system/files/sec23fall-prepub-261-xia-qi.pdf https://youtu.be/3gEc5ZFWIWo •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2023-31141 – OpenSearch issue with fine-grained access control during extremely rare race conditions
https://notcve.org/view.php?id=CVE-2023-31141
OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. For this issue to be triggered, two concurrent requests need to land on the same instance exactly when query cache eviction happens, once every four hours. OpenSearch 1.3.10 and 2.7.0 contain a fix for this issue. • https://github.com/opensearch-project/security/security/advisories/GHSA-g8xc-6mf7-h28h • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1385
https://notcve.org/view.php?id=CVE-2023-1385
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3. • https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-insignia-fire-os-tv-series • CWE-330: Use of Insufficiently Random Values •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1384
https://notcve.org/view.php?id=CVE-2023-1384
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3. • https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-insignia-fire-os-tv-series • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •