Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 22/12/2023 Updated: 08/01/2024

CVSS v3 Base Score: 9 | Impact Score: 6 | Exploitability Score: 2.3

VMScore: 0

Subscribe to Awslabs Sandbox Accounts For Events

"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts, it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0.

Vulnerable Product	Search on Vulmon	Subscribe to Product
amazon awslabs sandbox accounts for events

CWE-284 https://github.com/awslabs/sandbox-accounts-for-events/security/advisories/GHSA-cg8w-7q5v-g32r https://github.com/awslabs/sandbox-accounts-for-events/commit/f30a0662f0a28734eb33c5868cccc1c319eb6e79 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-50928

Vulnerability Summary

References

Vulmon Search

About

Products

Connect