CVE-2023-50928
CVSS V2 None
CVSS V3 None
Description
"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts, it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0.
Overview
- CVE ID
- CVE-2023-50928
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-12-22T21:00:49.814Z
- Last Modified Date
- 2023-12-22T21:00:49.814Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/awslabs/sandbox-accounts-for-events/security/advisories/GHSA-cg8w-7q5v-g32r | x_refsource_CONFIRM |
| https://github.com/awslabs/sandbox-accounts-for-events/commit/f30a0662f0a28734eb33c5868cccc1c319eb6e79 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-50928 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50928 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 18:05:12 | Added to TrackCVE |