low

Timing attack with Lambda and CloudWatch Synthetics

Published Tue, Sep 15th, 2020
Platforms

Summary

The immutability of Lambda versions could be violated via a timing attack against CloudWatch Synthetics canaries.

Affected Services

Lambda, CloudWatch Synthetics

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Contributed by https://github.com/ramimac
Disclosure Date
Tue, Sep 15th, 2020
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Ian Mckay

More vulnerabilities...

low

CloudFormation denial of service (in a single account)

An attacker with the ability to create CloudFormation stacks could cause a denial-of-service on some CloudFormation actions within a single AWS account.

...
Ian Mckay

low

S3 Crypto SDK vulnerabilities

Sophie Schmieg, Google

low

CloudTrail S3 data events leak bucket Account ID

Using CloudTrail S3 data events, it was possible to determine the AWS account ID of any existing S3 bucket by calling any S3 API, getting denied, and looking at the value in the resource key in err...

...
Jonathan Rault, TrustOnCloud

View all