low

Timing attack with Lambda and CloudWatch Synthetics

Published Tue, Sep 15th, 2020
Platforms

Summary

The immutability of Lambda versions could be violated via a timing attack against CloudWatch Synthetics canaries.

Affected Services

Lambda, CloudWatch Synthetics

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Tue, Sep 15th, 2020
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Ian Mckay