漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper Control of User-Modifiable Attributes in RES CreateSession API
Vulnerability Description
Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with AWS resources and services via a crafted API request. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-915
Vulnerability Title
Amazon Web Services Research and Engineering Studio 安全漏洞
Vulnerability Description
Amazon Web Services Research and Engineering Studio是美国亚马逊(Amazon)公司的一个基于云的研究和工程环境。 Amazon Web Services Research and Engineering Studio 2026.03之前版本存在安全漏洞,该漏洞源于会话创建组件中用户可修改属性未清理,可能导致远程认证用户通过特制API请求提升权限并获取虚拟桌面主机实例配置文件权限。
CVSS Information
N/A
Vulnerability Type
N/A