low

AWS AppFlow secrets disclosure

Published Mon, Nov 6th, 2023

Platforms

Summary

AppFlow had an undocumented service called sandstoneconfigurationservicelambda. An undocumented field (awsOwnedManagedAppCredentialsArn) could be used during connector registration and connector updates. Specifying a victim's Secret ARN as that field disclosed the clientId and clientSecret, so long as the victim Secret ARN belonged to a connection profile which is of the type OAuth or contains clientId and clientSecret.

Affected Services

AppFlow

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://ronin.ae/news/amazon-appflow-vulnerabilities/

Contributed by https://github.com/ramimac

Entry Status

Finalized

Disclosure Date

Sat, Jun 24th, 2023

Exploitability Period

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Ronin

More vulnerabilities...

high

Hacking Google Bard via Prompt Injection

A vulnerability in Google Bard allowed for prompt injection and data exfiltration through its Extensions feature. By injecting malicious instructions into shared Google Docs, an attacker could forc...

wunderwuzzi, Embrace The RedNov 3, 2023

medium

ApatchMe

Amazon Managed Workflows for Apache Airflow (MWAA) and the Task instance details page in the Google Composer UI were not patched against CVE-2023-29247 (Stored XSS). This meant that post-authentica...

Liv Matan, TenableNov 2, 2023

low

Vertex AI Studio data exfiltration

In Vertex AI Studio, a Prompt Injection attack could cause the LLM to return markdown tags. This could have allowed an adversary whose data makes it into the chat context (e.g., via an uploaded fil...

Johann RehbergerOct 19, 2023

View all