high

AWS RDS local file read

Published Mon, Apr 11th, 2022
Platforms

Summary

A vulnerability was discovered in the Aurora PostgreSQL log_fdw extension for Amazon Relational Database Service (RDS), allowing an attacker to read files on the EC2 host and obtain credentials for an internal AWS service.

Affected Services

RDS

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Thu, Dec 9th, 2021
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Discovered by
Gafnit Amiga, Lightspin