漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
sandbox-accounts-for-events security misconfiguration leads to budget exceed
Vulnerability Description
"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts, it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
访问控制不恰当
Vulnerability Title
Amazon Sandbox Accounts for Events 访问控制错误漏洞
Vulnerability Description
Amazon Sandbox Accounts for Events是美国亚马逊(Amazon)公司的一个应用程序。允许通过基于浏览器的 GUI 同时向多个经过身份验证的用户提供多个临时 AWS 帐户。 Amazon Sandbox Accounts for Events 1.1.0之前版本存在访问控制错误漏洞,该漏洞源于经过身份验证的用户可能通过请求有效载荷访问空AWS帐户。
CVSS Information
N/A
Vulnerability Type
N/A