Reported EKS IAM Authenticator Issue
Initial Publication Date: 2022/07/11 9:00 PST
A security researcher recently reported an issue with the AWS IAM Authenticator for Kubernetes, used by Amazon Elastic Kubernetes Service (EKS). The researcher identified a query parameter validation issue within the authenticator...
Reported Apache Log4j Hotpatch Issues
Initial Publication Date: 2022/04/19 14:30 PST
CVE IDs: CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, CVE-2022-0071
On December 12, 2021, Amazon publicly released a hotpatch for running Java VMs which disables the loading of the Java Naming and Directory Interface (JNDI) class....
Reported AWS Desktop VPN Client for Windows Issue
Initial Publication Date: 2022/04/12 15:30 PST
AWS is aware of the issues described in CVE-2022-25165 and CVE-2022-25166 relating to the AWS-provided Desktop VPN Client for Windows. These issues affect only client versions 2.0.0 and below; they have been...
Reported Amazon RDS PostgreSQL issue
Initial Publication Date: 2022/04/11 16:45 PST
A security researcher recently reported an issue with Aurora PostgreSQL. Using this issue, they were able to gain access to internal credentials that were specific to their Aurora cluster. No cross-customer or...
CVE-2022-0778 awareness
Initial Publication Date: 2022/03/17 20:42 PST
AWS is aware of an issue present in OpenSSL versions 1.0.2, 1.1.1, and 3.0 in which a certificate containing invalid explicit curve parameters can cause denial of service (DoS) by triggering an...
Reported AWS Glue Issue
Initial Publication Date: 2022/01/13 13:00 PST
A security researcher recently reported an issue that allowed them to take actions as the AWS Glue service. Utilizing an AWS Glue feature, researchers obtained credentials specific to the service itself, and an...
Reported AWS CloudFormation Issue
Initial Publication Date: 2022/01/13 13:00 PST
Security researchers recently identified and reported an issue in AWS CloudFormation. Specifically, the reported issue was in the AWS CloudFormation service itself, which allowed viewing of some local configuration files on an AWS-internal...
AWSSupportServiceRolePolicy Informational Update
Between December 21, 2021 at 23:48 UTC and December 22, 2021 at 08:23 UTC, the policy used by AWS Support automated systems - AWSSupportServiceRolePolicy - inadvertently included S3:GetObject permissions. This change has been reverted. While these permissions were temporarily...
Update for Apache Log4j2 Issue (CVE-2021-44228)
Initial Publication Date: 2021/12/11 7:30 PM PDT
AWS is aware of the recently disclosed security issue relating to the open-source Apache “Log4j2” utility (CVE-2021-44228). We are actively monitoring this issue, and are working on addressing it for any AWS...
Apache Log4j2 Issue (CVE-2021-44228)
Initial Publication Date: 2021/12/10 7:20 PM PDT
AWS is aware of the recently disclosed security issue relating to the open-source Apache “Log4j2” utility (CVE-2021-44228). We are actively monitoring this issue, and are working on addressing it for any AWS...