low

XSS on EC2 web console

Published Wed, Jul 1st, 2020

Platforms

Summary

Display of EC2 tags had XSS

Affected Services

EC2

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://embracethered.com/blog/posts/2020/aws-xss-cross-site-scripting-vulnerability/

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Wed, Jul 1st, 2020

Exploitability Period

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Johann Rehberger

More vulnerabilities...

medium

GKE and EKS CAP_NET_RAW metadata service MITM root privilege escalation

An attacker with access to a hostNetwork=true container with CAP_NET_RAW capability can listen to all the traffic going through the host and inject arbitrary traffic, allowing to tamper with most u...

Etienne ChampetierJun 15, 2020

high

RCE in Google Cloud Deployment Manager

An RCE in Google Cloud Deployment Manager could have allowed an attacker to make requests to internal Google services, authenticated as a privileged service account.

Ezequiel PereiraMay 21, 2020

low

GuardDuty detection bypass via cloudtrail

GuardDuty detected CloudTrail being outright disabled, but did not detect if an attacker with the necessary permissions filtered out all events from CloudTrail via PutEventSelectors, resulting in d...

Spencer Gietzen, Rhino Secu...Apr 23, 2020

View all