Reported GuardDuty Finding Issue
Initial Publication Date: 05/18/2023 10:00AM EST
A security researcher recently reported an issue in Amazon GuardDuty in which a change to the policy of an S3 bucket not protected by Block Public Access (BPA) could be carried out to...
Issue With IAM Supporting Multiple MFA Devices
Initial Publication Date: 04/25/2023 10:00AM EST
A security researcher recently reported an issue with AWS’s recently released (November 16th, 2022) support for multiple multi-factor authentication (MFA) devices for IAM user principals. The reported issue could have potentially arisen only when...
Reported ECR Public Gallery Issue
Initial Publication Date: 12/13/2022 9:00AM EST
On November 14, 2022, a security researcher reported an issue in Amazon Elastic Container Registry (ECR) Public Gallery, a public website for finding and sharing public container images. The researcher identified an...
Reported AWS AppSync Issue
Initial Publication Date: 2022/11/21 10:00AM EST
A security researcher recently disclosed a case-sensitivity parsing issue within AWS AppSync, which could potentially be used to bypass the service’s cross-account role usage validations and take action as the service across...
OpenSSL Security Advisories – November 2022
Initial Publication Date: 2022/11/01 09:00 PDT
AWS is aware of the recently reported issues regarding OpenSSL 3.0 (CVE-2022-3602 and CVE-2022-3786). AWS services are not affected, and no customer action is required. Additionally, Amazon Linux 1 and Amazon Linux...
Reported EKS IAM Authenticator Issue
Initial Publication Date: 2022/07/11 9:00 PST
A security researcher recently reported an issue with the AWS IAM Authenticator for Kubernetes, used by Amazon Elastic Kubernetes Service (EKS). The researcher identified a query parameter validation issue within the authenticator...