CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51651 – Potential URI resolution path traversal in the AWS SDK for PHP
https://notcve.org/view.php?id=CVE-2023-51651
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. • https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2 https://github.com/aws/aws-sdk-php/releases/tag/3.288.1 https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2582 – Exposure of unencrypted plaintext hash in github.com/aws/aws-sdk-go
https://notcve.org/view.php?id=CVE-2022-2582
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it. AWS S3 Crypto SDK envía un hash no cifrado del texto plano junto con el texto cifrado como un campo de metadatos. Este hash se puede utilizar para forzar el texto plano, si el hash es legible para el atacante. • https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1 https://pkg.go.dev/vuln/GO-2022-0391 • CWE-326: Inadequate Encryption Strength •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4725 – AWS SDK XML Parser XpathUtils.java XpathUtils server-side request forgery
https://notcve.org/view.php?id=CVE-2022-4725
A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. • https://github.com/aws-amplify/aws-sdk-android/commit/c3e6d69422e1f0c80fe53f2d757b8df97619af2b https://github.com/aws-amplify/aws-sdk-android/pull/3100 https://github.com/aws-amplify/aws-sdk-android/releases/tag/release_v2.59.1 https://vuldb.com/?id.216737 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2021-40831 – Missing SNI validation and inconsistent CA override function behavior within AWS IoT Device SDKs on Apple devices
https://notcve.org/view.php?id=CVE-2021-40831
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. • https://github.com/aws/aws-iot-device-sdk-cpp-v2 https://github.com/aws/aws-iot-device-sdk-java-v2 https://github.com/aws/aws-iot-device-sdk-js-v2 https://github.com/aws/aws-iot-device-sdk-python-v2 https://github.com/awslabs/aws-c-io • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-40830 – Inconsistent CA override function behavior within AWS IoT Device SDKs on Unix systems
https://notcve.org/view.php?id=CVE-2021-40830
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to override the default trust store. • https://github.com/aws/aws-iot-device-sdk-cpp-v2 https://github.com/aws/aws-iot-device-sdk-java-v2 https://github.com/aws/aws-iot-device-sdk-js-v2 https://github.com/aws/aws-iot-device-sdk-python-v2 https://github.com/awslabs/aws-c-io • CWE-295: Improper Certificate Validation •