Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services


A cross-tenant vulnerability in Amazon Web Services’ (AWS) platform that might have been used as a weapon by an attacker to access resources without authorization has been fixed. Datadog notified AWS of the issue on September 1, 2022, and on September 6 a fix was released.

The problem is a confused deputy problem, a form of privilege escalation where a programme that lacks authorization to undertake an activity can compel a more privileged entity to carry it out.

Read More…