medium

SNS SigningCertUrl improper validation

Published Fri, Aug 19th, 2022

Platforms

Summary

Amazon SNS' signature validation in the official SDK relied on a weak regex for default AWS certificate locations, that would incorrectly match an S3 bucket named `sns`. This bucket happened to be publicly readable and writeable, allowing an attacker to forge messages to any user of the official SDK SNS validator.

Affected Services

Amazon Simple Notification Service (SNS)

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://spaceraccoon.dev/exploiting-improper-validation-amazon-simple-notification-service/https://2022.cloud-village.org/

Contributed by https://github.com/ramimac

Entry Status

Finalized

Disclosure Date

Exploitability Period

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Eugene Lim

More vulnerabilities...

critical

Remote Code Execution via GitHub Import

A critical vulnerability in GitLab's GitHub import feature allows remote code execution. The issue stems from improper handling of Sawyer::Resource objects, enabling injection of Redis commands. Th...

yvvdwfAug 17, 2022

medium

Actions Core Delimiter Injection Vulnerability

The @actions/core package had a delimiter injection vulnerability in the exportVariable function. Attackers could use a known delimiter to break out of a specific variable and assign values to othe...

Juho NurminenAug 12, 2022

medium

Cloud SQL escape to host

In GCP's case, they introduced a modification to the Cloud SQL's PostgreSQL engine allowing the role assigned to the tenant (cloudsqlsuperuser) to arbitrarily change the ownership of a table to any...

Shir Tamari, Nir Ohfeld, Sa...Aug 11, 2022

View all