漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Overly Permissive Trust Policy in Harmonix on AWS EKS
Vulnerability Description
An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges. We recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
特权授予不正确
Vulnerability Title
Harmonix on AWS 安全漏洞
Vulnerability Description
Harmonix on AWS是Amazon Web Services - Labs开源的一个开发人员门户。 Harmonix on AWS 0.4.1及之前版本存在安全漏洞,该漏洞源于IAM信任策略过于宽松,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A