medium

AWS CloudShell terminal escape

Published Wed, Mar 10th, 2021
Platforms

Summary

If attacker controlled data is viewed in Cloudshell it could have led to code execution. This exact same issue existed in Azure previously.

Affected Services

Cloudshell

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Entry Status
Finalized
Disclosure Date
Mon, Feb 8th, 2021
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Felix Wilhelm, Google