CVE-2023-50928

CRITICAL Year: 2023
CVSS v3 Score
9.0
Critical
Weakness Type
CWE-284
View all →

Vulnerability Description

"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts, it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0.

Related Vulnerabilities

CVE-2020-4062

CRITICAL
CVSS:9.0(Critical)

In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full...

CWE-2842020

CVE-2024-21376

CRITICAL
CVSS:9.0(Critical)

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability

CWE-2842024

CVE-2024-29990

CRITICAL
CVSS:9.0(Critical)

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CWE-2842024

CVE-2013-5654

CRITICAL
CVSS:9.1(Critical)

Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage

CWE-2842013

CVE-2015-1000009

CRITICAL
CVSS:9.1(Critical)

Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05

CWE-2842015