Researchers identified non-production AWS API endpoints that could be abused for defense evasion, including silent permission enumeration, accessing account data without logging, and partially bypassing CloudTrail. AWS has remediated specific issues but thousands of such endpoints may exist.
Affected Services
ECR, Cost Explorer, Route 53 Resolver, IVS
Remediation
None required. AWS has remediated the specific vulnerabilities disclosed.