AWS SOC 2 type 2 failure (Fall 2021)

Published Mon, Nov 15th, 2021

Platforms

Summary

Information about this issue is under NDA, but AWS customers can read about it on page 98 of the report, which is available for download through AWS Artifact. Note: This issue is outside the scope of this database's usual criteria for inclusion, but has been kept for historic reasons, as it was included in the original CSP Security Mistakes dataset.

Affected Services

N/A

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://aws.amazon.com/blogs/security/fall-2021-soc-reports-now-available-with-141-services-in-scope/

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Mon, Nov 15th, 2021

Exploitability Period

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

More vulnerabilities...

low

AWS API Gateway HTTP header smuggling

A flaw in AWS API Gateway enabled hiding HTTP request headers. Tampering with HTTP requests visibility enabled bypassing IP restrictions, cache poisoning and request smuggling.

Daniel Thatcher, intruderNov 10, 2021

high

Cloud SQL vulnerabilities in Google's RDS offering

Multiple vulnerabilities were found in Google Cloud SQL, including config file injection leading to RCE, information disclosure in the Cloud SQL Auth Proxy, and a design issue in Postgres IAM authe...

Imre RadOct 18, 2021

high

Azure NotLegit

Azure App Service had an insecure default behavior that exposed the source code of customer applications written in PHP, Python, Ruby, or Node, that were deployed using “Local Git”.

Shir Tamari, WizOct 7, 2021

View all