Search criteria
12 vulnerabilities found for aws_software_development_kit by amazon
FKIE_CVE-2023-51651
Vulnerability from fkie_nvd - Published: 2023-12-22 21:15 - Updated: 2024-11-21 08:38
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| amazon | aws_software_development_kit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amazon:aws_software_development_kit:*:*:*:*:*:php:*:*",
"matchCriteriaId": "0082C8EC-989B-4F0B-9A53-EF54687E1880",
"versionEndExcluding": "3.288.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1."
},
{
"lang": "es",
"value": "AWS SDK para PHP es el kit de desarrollo de software de Amazon Web Services para PHP. Dentro del alcance de las solicitudes a claves de objeto S3 y/o prefijos que contienen un doble punto Unix, es posible un path traversal URI. El problema existe en el m\u00e9todo `buildEndpoint` en el componente RestSerializer del AWS SDK para PHP v3 anterior a 3.288.1. El m\u00e9todo `buildEndpoint` se basa en la utilidad Guzzle Psr7 UriResolver, que elimina segmentos de puntos de la ruta de solicitud de acuerdo con RFC 3986. Bajo ciertas condiciones, esto podr\u00eda conducir a que se acceda a un objeto arbitrario. Este problema se solucion\u00f3 en la versi\u00f3n 3.288.1."
}
],
"id": "CVE-2023-51651",
"lastModified": "2024-11-21T08:38:32.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-22T21:15:09.700",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/aws/aws-sdk-php/releases/tag/3.288.1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/aws/aws-sdk-php/releases/tag/3.288.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2022-2582
Vulnerability from fkie_nvd - Published: 2022-12-27 22:15 - Updated: 2025-04-11 17:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.
References
| URL | Tags | ||
|---|---|---|---|
| security@golang.org | https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1 | Patch, Third Party Advisory | |
| security@golang.org | https://pkg.go.dev/vuln/GO-2022-0391 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pkg.go.dev/vuln/GO-2022-0391 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| amazon | aws_software_development_kit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amazon:aws_software_development_kit:*:*:*:*:*:go:*:*",
"matchCriteriaId": "D60B84C9-043E-4CE0-8069-543444CCAECD",
"versionEndExcluding": "1.34.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it."
},
{
"lang": "es",
"value": "AWS S3 Crypto SDK env\u00eda un hash no cifrado del texto plano junto con el texto cifrado como un campo de metadatos. Este hash se puede utilizar para forzar el texto plano, si el hash es legible para el atacante. AWS ahora bloquea este campo de metadatos, pero las versiones anteriores del SDK a\u00fan lo env\u00edan."
}
],
"id": "CVE-2022-2582",
"lastModified": "2025-04-11T17:15:36.213",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-27T22:15:12.390",
"references": [
{
"source": "security@golang.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1"
},
{
"source": "security@golang.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://pkg.go.dev/vuln/GO-2022-0391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://pkg.go.dev/vuln/GO-2022-0391"
}
],
"sourceIdentifier": "security@golang.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-4725
Vulnerability from fkie_nvd - Published: 2022-12-27 15:15 - Updated: 2024-11-21 07:35
Severity ?
5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/aws-amplify/aws-sdk-android/commit/c3e6d69422e1f0c80fe53f2d757b8df97619af2b | Patch, Third Party Advisory | |
| cna@vuldb.com | https://github.com/aws-amplify/aws-sdk-android/pull/3100 | Patch, Third Party Advisory | |
| cna@vuldb.com | https://github.com/aws-amplify/aws-sdk-android/releases/tag/release_v2.59.1 | Release Notes, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.216737 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aws-amplify/aws-sdk-android/commit/c3e6d69422e1f0c80fe53f2d757b8df97619af2b | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aws-amplify/aws-sdk-android/pull/3100 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aws-amplify/aws-sdk-android/releases/tag/release_v2.59.1 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.216737 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| amazon | aws_software_development_kit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amazon:aws_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CF9C5D60-F079-43FF-ABE3-EA862BDFCD34",
"versionEndExcluding": "2.59.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en AWS SDK 2.59.0. Ha sido calificada como cr\u00edtica. Este problema afecta la funci\u00f3n XpathUtils del archivo aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java del componente XML Parser. La manipulaci\u00f3n conduce a server-side request forgery. La actualizaci\u00f3n a la versi\u00f3n 2.59.1 puede solucionar este problema. El nombre del parche es c3e6d69422e1f0c80fe53f2d757b8df97619af2b. Se recomienda actualizar el componente afectado. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-216737."
}
],
"id": "CVE-2022-4725",
"lastModified": "2024-11-21T07:35:49.017",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-27T15:15:12.130",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/commit/c3e6d69422e1f0c80fe53f2d757b8df97619af2b"
},
{
"source": "cna@vuldb.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/pull/3100"
},
{
"source": "cna@vuldb.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/releases/tag/release_v2.59.1"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.216737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/commit/c3e6d69422e1f0c80fe53f2d757b8df97619af2b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/pull/3100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/releases/tag/release_v2.59.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.216737"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
FKIE_CVE-2018-19981
Vulnerability from fkie_nvd - Published: 2019-04-04 15:29 - Updated: 2024-11-21 03:58
Severity ?
Summary
Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android's fundamental security mechanisms).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| amazon | aws_software_development_kit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amazon:aws_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "A47A1DE3-39A9-4EAD-ACB5-BD30DC3378B8",
"versionEndIncluding": "2.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Amazon AWS SDK \u003c=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have \"root\" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android\u0027s fundamental security mechanisms)."
},
{
"lang": "es",
"value": "Amazon AWS SDK, en versiones 2.8.5 y anteriores, utiliza la clase \"Android SharedPreferences\" para almacenar las credenciales temporales de AWS STS recuperadas por AWS Cognito Identity Service. Un atacante puede utilizar estas credenciales para crear peticiones autenticadas y/o autorizadas. N\u00f3tese que el atacante deber\u00e1 tener acceso de privilegios root en sistema de archivos de Android para poder explotar esta vulnerabilidad; es decir, el dispositivo se ha comprometido, por ejemplo, deshabilitando u omitiendo los mecanismos fundamentales de seguridad de Android."
}
],
"id": "CVE-2018-19981",
"lastModified": "2024-11-21T03:58:56.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-04T15:29:01.110",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://aws-amplify.github.io/aws-sdk-android/docs/reference/com/amazonaws/auth/CognitoCachingCredentialsProvider.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_01.png"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_02.png"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_03.png"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://aws-amplify.github.io/aws-sdk-android/docs/reference/com/amazonaws/auth/CognitoCachingCredentialsProvider.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_01.png"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_02.png"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_03.png"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-51651 (GCVE-0-2023-51651)
Vulnerability from cvelistv5 – Published: 2023-12-22 21:03 – Updated: 2024-08-02 22:40
VLAI?
Summary
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1.
Severity ?
6 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| aws | aws-sdk-php |
Affected:
>= 3.0.0, < 3.288.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:34.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m"
},
{
"name": "https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2"
},
{
"name": "https://github.com/aws/aws-sdk-php/releases/tag/3.288.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/aws/aws-sdk-php/releases/tag/3.288.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "aws-sdk-php",
"vendor": "aws",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.288.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-08T15:45:25.963Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m"
},
{
"name": "https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2"
},
{
"name": "https://github.com/aws/aws-sdk-php/releases/tag/3.288.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aws/aws-sdk-php/releases/tag/3.288.1"
}
],
"source": {
"advisory": "GHSA-557v-xcg6-rm5m",
"discovery": "UNKNOWN"
},
"title": "Potential URI resolution path traversal in the AWS SDK for PHP"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-51651",
"datePublished": "2023-12-22T21:03:00.825Z",
"dateReserved": "2023-12-20T22:12:04.737Z",
"dateUpdated": "2024-08-02T22:40:34.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2582 (GCVE-0-2022-2582)
Vulnerability from cvelistv5 – Published: 2022-12-27 21:13 – Updated: 2025-04-11 16:20
VLAI?
Summary
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.
Severity ?
4.3 (Medium)
CWE
- CWE 311: Missing Encryption of Sensitive Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| github.com/aws/aws-sdk-go | github.com/aws/aws-sdk-go/service/s3/s3crypto |
Affected:
0 , < 1.34.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2022-0391"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T16:19:30.823999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T16:20:04.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "github.com/aws/aws-sdk-go/service/s3/s3crypto",
"product": "github.com/aws/aws-sdk-go/service/s3/s3crypto",
"programRoutines": [
{
"name": "encodeMeta"
},
{
"name": "DecryptionClient.GetObject"
},
{
"name": "DecryptionClient.GetObjectWithContext"
},
{
"name": "EncryptionClient.PutObject"
},
{
"name": "EncryptionClient.PutObjectWithContext"
},
{
"name": "S3LoadStrategy.Load"
},
{
"name": "S3SaveStrategy.Save"
},
{
"name": "defaultV2LoadStrategy.Load"
},
{
"name": "kmsKeyHandler.DecryptKey"
},
{
"name": "kmsKeyHandler.DecryptKeyWithContext"
},
{
"name": "kmsKeyHandler.GenerateCipherData"
},
{
"name": "kmsKeyHandler.GenerateCipherDataWithContext"
}
],
"vendor": "github.com/aws/aws-sdk-go",
"versions": [
{
"lessThan": "1.34.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 311: Missing Encryption of Sensitive Data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T19:04:12.778Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1"
},
{
"url": "https://pkg.go.dev/vuln/GO-2022-0391"
}
],
"title": "Exposure of unencrypted plaintext hash in github.com/aws/aws-sdk-go"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2022-2582",
"datePublished": "2022-12-27T21:13:47.272Z",
"dateReserved": "2022-07-29T19:42:31.027Z",
"dateUpdated": "2025-04-11T16:20:04.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4725 (GCVE-0-2022-4725)
Vulnerability from cvelistv5 – Published: 2022-12-24 00:00 – Updated: 2024-08-03 01:48
VLAI?
Summary
A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.
Severity ?
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:48:40.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"technical-description",
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.216737"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/pull/3100"
},
{
"tags": [
"mitigation",
"patch",
"x_transferred"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/commit/c3e6d69422e1f0c80fe53f2d757b8df97619af2b"
},
{
"tags": [
"mitigation",
"x_transferred"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/releases/tag/release_v2.59.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"XML Parser"
],
"product": "AWS SDK",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.59.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in AWS SDK 2.59.0 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion XpathUtils der Datei aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java der Komponente XML Parser. Durch Manipulation mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 2.59.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c3e6d69422e1f0c80fe53f2d757b8df97619af2b bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-24T21:19:40.585Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"technical-description",
"vdb-entry"
],
"url": "https://vuldb.com/?id.216737"
},
{
"tags": [
"related"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/pull/3100"
},
{
"tags": [
"mitigation",
"patch"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/commit/c3e6d69422e1f0c80fe53f2d757b8df97619af2b"
},
{
"tags": [
"mitigation"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/releases/tag/release_v2.59.1"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-24T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2022-12-24T14:52:19.000Z",
"value": "VulDB last update"
}
],
"title": "AWS SDK XML Parser XpathUtils.java XpathUtils server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-4725",
"datePublished": "2022-12-24T00:00:00",
"dateReserved": "2022-12-24T00:00:00",
"dateUpdated": "2024-08-03T01:48:40.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19981 (GCVE-0-2018-19981)
Vulnerability from cvelistv5 – Published: 2019-04-04 14:34 – Updated: 2024-08-05 11:51
VLAI?
Summary
Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android's fundamental security mechanisms).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:17.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_01.png"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_02.png"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_03.png"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://aws-amplify.github.io/aws-sdk-android/docs/reference/com/amazonaws/auth/CognitoCachingCredentialsProvider.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Amazon AWS SDK \u003c=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have \"root\" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android\u0027s fundamental security mechanisms)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-04T16:47:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_01.png"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_02.png"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_03.png"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://aws-amplify.github.io/aws-sdk-android/docs/reference/com/amazonaws/auth/CognitoCachingCredentialsProvider.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Amazon AWS SDK \u003c=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have \"root\" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android\u0027s fundamental security mechanisms)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_01.png",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_01.png"
},
{
"name": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_02.png",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_02.png"
},
{
"name": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_03.png",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_03.png"
},
{
"name": "https://aws-amplify.github.io/aws-sdk-android/docs/reference/com/amazonaws/auth/CognitoCachingCredentialsProvider.html",
"refsource": "MISC",
"url": "https://aws-amplify.github.io/aws-sdk-android/docs/reference/com/amazonaws/auth/CognitoCachingCredentialsProvider.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19981",
"datePublished": "2019-04-04T14:34:56",
"dateReserved": "2018-12-09T00:00:00",
"dateUpdated": "2024-08-05T11:51:17.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51651 (GCVE-0-2023-51651)
Vulnerability from nvd – Published: 2023-12-22 21:03 – Updated: 2024-08-02 22:40
VLAI?
Summary
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1.
Severity ?
6 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| aws | aws-sdk-php |
Affected:
>= 3.0.0, < 3.288.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:34.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m"
},
{
"name": "https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2"
},
{
"name": "https://github.com/aws/aws-sdk-php/releases/tag/3.288.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/aws/aws-sdk-php/releases/tag/3.288.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "aws-sdk-php",
"vendor": "aws",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.288.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-08T15:45:25.963Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m"
},
{
"name": "https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2"
},
{
"name": "https://github.com/aws/aws-sdk-php/releases/tag/3.288.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aws/aws-sdk-php/releases/tag/3.288.1"
}
],
"source": {
"advisory": "GHSA-557v-xcg6-rm5m",
"discovery": "UNKNOWN"
},
"title": "Potential URI resolution path traversal in the AWS SDK for PHP"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-51651",
"datePublished": "2023-12-22T21:03:00.825Z",
"dateReserved": "2023-12-20T22:12:04.737Z",
"dateUpdated": "2024-08-02T22:40:34.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2582 (GCVE-0-2022-2582)
Vulnerability from nvd – Published: 2022-12-27 21:13 – Updated: 2025-04-11 16:20
VLAI?
Summary
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.
Severity ?
4.3 (Medium)
CWE
- CWE 311: Missing Encryption of Sensitive Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| github.com/aws/aws-sdk-go | github.com/aws/aws-sdk-go/service/s3/s3crypto |
Affected:
0 , < 1.34.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2022-0391"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T16:19:30.823999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T16:20:04.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "github.com/aws/aws-sdk-go/service/s3/s3crypto",
"product": "github.com/aws/aws-sdk-go/service/s3/s3crypto",
"programRoutines": [
{
"name": "encodeMeta"
},
{
"name": "DecryptionClient.GetObject"
},
{
"name": "DecryptionClient.GetObjectWithContext"
},
{
"name": "EncryptionClient.PutObject"
},
{
"name": "EncryptionClient.PutObjectWithContext"
},
{
"name": "S3LoadStrategy.Load"
},
{
"name": "S3SaveStrategy.Save"
},
{
"name": "defaultV2LoadStrategy.Load"
},
{
"name": "kmsKeyHandler.DecryptKey"
},
{
"name": "kmsKeyHandler.DecryptKeyWithContext"
},
{
"name": "kmsKeyHandler.GenerateCipherData"
},
{
"name": "kmsKeyHandler.GenerateCipherDataWithContext"
}
],
"vendor": "github.com/aws/aws-sdk-go",
"versions": [
{
"lessThan": "1.34.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 311: Missing Encryption of Sensitive Data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T19:04:12.778Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1"
},
{
"url": "https://pkg.go.dev/vuln/GO-2022-0391"
}
],
"title": "Exposure of unencrypted plaintext hash in github.com/aws/aws-sdk-go"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2022-2582",
"datePublished": "2022-12-27T21:13:47.272Z",
"dateReserved": "2022-07-29T19:42:31.027Z",
"dateUpdated": "2025-04-11T16:20:04.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4725 (GCVE-0-2022-4725)
Vulnerability from nvd – Published: 2022-12-24 00:00 – Updated: 2024-08-03 01:48
VLAI?
Summary
A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.
Severity ?
5.5 (Medium)
5.5 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:48:40.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"technical-description",
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.216737"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/pull/3100"
},
{
"tags": [
"mitigation",
"patch",
"x_transferred"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/commit/c3e6d69422e1f0c80fe53f2d757b8df97619af2b"
},
{
"tags": [
"mitigation",
"x_transferred"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/releases/tag/release_v2.59.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"XML Parser"
],
"product": "AWS SDK",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.59.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in AWS SDK 2.59.0 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion XpathUtils der Datei aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java der Komponente XML Parser. Durch Manipulation mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 2.59.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c3e6d69422e1f0c80fe53f2d757b8df97619af2b bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-24T21:19:40.585Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"technical-description",
"vdb-entry"
],
"url": "https://vuldb.com/?id.216737"
},
{
"tags": [
"related"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/pull/3100"
},
{
"tags": [
"mitigation",
"patch"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/commit/c3e6d69422e1f0c80fe53f2d757b8df97619af2b"
},
{
"tags": [
"mitigation"
],
"url": "https://github.com/aws-amplify/aws-sdk-android/releases/tag/release_v2.59.1"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-24T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2022-12-24T14:52:19.000Z",
"value": "VulDB last update"
}
],
"title": "AWS SDK XML Parser XpathUtils.java XpathUtils server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-4725",
"datePublished": "2022-12-24T00:00:00",
"dateReserved": "2022-12-24T00:00:00",
"dateUpdated": "2024-08-03T01:48:40.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19981 (GCVE-0-2018-19981)
Vulnerability from nvd – Published: 2019-04-04 14:34 – Updated: 2024-08-05 11:51
VLAI?
Summary
Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android's fundamental security mechanisms).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:17.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_01.png"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_02.png"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_03.png"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://aws-amplify.github.io/aws-sdk-android/docs/reference/com/amazonaws/auth/CognitoCachingCredentialsProvider.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Amazon AWS SDK \u003c=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have \"root\" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android\u0027s fundamental security mechanisms)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-04T16:47:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_01.png"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_02.png"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_03.png"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://aws-amplify.github.io/aws-sdk-android/docs/reference/com/amazonaws/auth/CognitoCachingCredentialsProvider.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Amazon AWS SDK \u003c=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have \"root\" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as disabling or bypassing Android\u0027s fundamental security mechanisms)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_01.png",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_01.png"
},
{
"name": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_02.png",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_02.png"
},
{
"name": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_03.png",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_03.png"
},
{
"name": "https://aws-amplify.github.io/aws-sdk-android/docs/reference/com/amazonaws/auth/CognitoCachingCredentialsProvider.html",
"refsource": "MISC",
"url": "https://aws-amplify.github.io/aws-sdk-android/docs/reference/com/amazonaws/auth/CognitoCachingCredentialsProvider.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19981",
"datePublished": "2019-04-04T14:34:56",
"dateReserved": "2018-12-09T00:00:00",
"dateUpdated": "2024-08-05T11:51:17.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}