Summary
AWS's hotpatches for Log4shell worked as intended but introduced new container escape vulnerabilities.
Affected Services
N/A
Remediation
None required
Tracked CVEs
CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, CVE-2022-0071
References
https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities/https://aws.amazon.com/security/security-bulletins/AWS-2022-006/
Contributed by https://github.com/0xdabbad00
Entry Status
Finalized
Disclosure Date
Tue, Dec 14th, 2021
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Yuval Avrahami, Palo Alto
