We found results for “”
WS-2020-0188
Good to know:
Date: November 2, 2020
Versions 1.x before v1.8.x and 2.x before v2.1.x of AWS Encryption CLI operated in "discovery mode" even when "strict mode" was specified. Although decryption only succeeded if the user had permission to decrypt with at least one of the CMKs, decryption could be successful using a CMK that was not included in the user-defined set when the CLI was operating in "strict mode." Affected users should upgrade to Encryption CLI v1.8.x or v2.1.x as soon as possible.
Language: Python
Severity Score
Severity Score
Weakness Type (CWE)
Improper Access Control
CWE-284Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | ADJACENT_NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |