The Cloud Development Kit (CDK) flaw found by Aqua could allow account hijacking for about one percent of users, leading to serious security breaches.
After identifying the CDK flaw, AWS released version v2.149.0 and thanked Aqua for the discovery, which helped significantly mitigate potential attacks.
The vulnerability is related to an older attack method called 'Bucket Monopoly', in which attackers exploit predictable S3 bucket names to inject malicious code.
AWS proactively reached out to affected customers and also implemented additional checks in the CLI that remind users to upgrade their resources.