AWS VDP - HackerOne Reports
Total Reports: 33
Critical: 1
High: 5
Medium: 23
Low: 1
Non-Production API Endpoint for the EventBridge Service Fails to Log to CloudTrail Resulting in Silent Permission Enumeration
Reported by:
nick_frichette_dd
|
Disclosed:
Medium
Weakness: Insufficient Logging
Non-Production API Endpoint for the ElastiCache Service Fails to Log to CloudTrail Resulting in Silent Permission Enumeration
Reported by:
nick_frichette_dd
|
Disclosed:
Medium
Weakness: Insufficient Logging
A potential risk in the aws-lambda-ecs-run-task which can be used for privilege escalation.
Reported by:
zolaer9527
|
Disclosed:
Medium
Weakness: Incorrect Privilege Assignment
AWS | Self Registration Internal LibreChat : Access to internal/proprietary LLMs
Reported by:
notnotnotveg
|
Disclosed:
Low
Weakness: Authentication Bypass Using an Alternate Path or Channel
Information Disclosure Due To exposed .env file (Directory Listing) at ████████
Reported by:
necr0mancer
|
Disclosed:
High
Weakness: Information Exposure Through Directory Listing
Non-Production API Endpoints for the Global Accelerator Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
Reported by:
nick_frichette_dd
|
Disclosed:
Medium
Weakness: Insufficient Logging
A potential risk in the experimental-programmatic-access-ccft which can be used for privilege escalation.
Reported by:
zolaer9527
|
Disclosed:
High
Weakness: Incorrect Privilege Assignment
XSS on Amazon Acquisition: elemental
Reported by:
muhammad_kasim
|
Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Reflected
External service interaction (HTTP)
Reported by:
hesham_elsheme
|
Disclosed:
High
Weakness: Server-Side Request Forgery (SSRF)
Non-Production API Endpoints for the Datazone Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
Reported by:
nick_frichette_dd
|
Disclosed:
Medium
Weakness: Insufficient Logging
Amazon Comprehend Medical Service Reporting "AWS Internal" for CloudTrail Events Generated from FIPS Endpoints
Reported by:
nick_frichette_dd
|
Disclosed:
Medium
Weakness: Insufficient Logging
(Part 2) Non-Production API Endpoints for the Datazone Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
Reported by:
nick_frichette_dd
|
Disclosed:
Medium
Weakness: Insufficient Logging
CVE-2020-5902
Reported by:
perigou
|
Disclosed:
Critical
Weakness: Using Components with Known Vulnerabilities
CVEs:
CVE-2020-5902
Private AWS AMIs are temporarily being exposed publicly
Reported by:
seth_art_dd
|
Disclosed:
Non-Production API Endpoints for the bedrock-agent Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
Reported by:
nick_frichette_dd
|
Disclosed:
Medium
Weakness: Insufficient Logging
Session Timeout Does Not Enforce Re-Authentication on AWS Access Portal
Reported by:
xendaviour
|
Disclosed:
Medium
Weakness: Reusing Session IDs (aka Session Replay)
Non-Production API Endpoints for the Device Farm Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
Reported by:
nick_frichette_dd
|
Disclosed:
Medium
Weakness: Insufficient Logging
Remote Code Execution in Amazon MWAA due to outdated Apache Airflow version
Reported by:
ricardojoserf
|
Disclosed:
Weakness: Code Injection
Reflected XSS on Amazon EC2 Instance
Reported by:
perigou
|
Disclosed:
High
Weakness: Reflected XSS
CVEs:
CVE-2022-29548
Non-Production API Endpoints for the Neptune Graph Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
Reported by:
nick_frichette_dd
|
Disclosed:
Medium
Weakness: Insufficient Logging