forked from wiz-sec/open-cvdb
Fixes wiz-sec#290: Appflow Ronin.ae issues
Showing 2 changed files with 61 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
title: AWS AppFlow secrets disclosure | ||
slug: aws-appflow-secrets-disclosure | ||
cves: null | ||
affectedPlatforms: | ||
- AWS | ||
affectedServices: | ||
- AppFlow | ||
image: https://images.unsplash.com/photo-1620027242961-c4c1e9f5c6a0?q=80&w=1470&auto=format&fit=crop&ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8fA%3D%3D | ||
severity: low | ||
discoveredBy: | ||
name: null | ||
org: Ronin | ||
domain: https://ronin.ae | ||
twitter: null | ||
publishedAt: 2023/11/06 | ||
disclosedAt: 2023/06/24 | ||
exploitabilityPeriod: null | ||
knownITWExploitation: false | ||
summary: | | ||
AppFlow had an undocumented service called sandstoneconfigurationservicelambda. | ||
An undocumented field (awsOwnedManagedAppCredentialsArn) could be used during | ||
connector registration and connector updates. Specifying a victim's Secret ARN | ||
as that field disclosed the clientId and clientSecret, so long as the victim | ||
Secret ARN belonged to a connection profile which is of the type | ||
OAuth or contains clientId and clientSecret. | ||
manualRemediation: | | ||
None required | ||
detectionMethods: null | ||
contributor: https://github.com/ramimac | ||
references: | ||
- https://ronin.ae/news/amazon-appflow-vulnerabilities/ |
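Review bot: In `summary`, the opening sentence names the undocumented service sandstoneconfigurationservicelambda, but the text never ties it to the `awsOwnedManagedAppCredentialsArn` field or says who received the clientId and clientSecret, so the cross-account impact has to be inferred from the word "victim". Suggest stating explicitly that the caller supplying the ARN was shown credentials from a secret they did not own. Also, `manualRemediation: None required` together with `exploitabilityPeriod: null` gives the reader no way to tell why no action is needed; a closing sentence in `summary` on the fix status, taken from the referenced Ronin write-up, would cover that.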
30 changes: 30 additions & 0 deletions
vulnerabilities/aws-appflow-woocommerce-connector-ssrf.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
title: AWS AppFlow WooCommerce SSRF | ||
slug: aws-appflow-woocommerce-ssrf | ||
cves: null | ||
affectedPlatforms: | ||
- AWS | ||
affectedServices: | ||
- AppFlow | ||
image: https://images.unsplash.com/photo-1482685945432-29a7abf2f466?q=80&w=1489&auto=format&fit=crop&ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8fA%3D%3D | ||
severity: low | ||
discoveredBy: | ||
name: null | ||
org: Ronin | ||
domain: https://ronin.ae | ||
twitter: null | ||
publishedAt: 2023/11/06 | ||
disclosedAt: 2023/06/21 | ||
exploitabilityPeriod: null | ||
knownITWExploitation: false | ||
summary: | | ||
The AppFlow WooCommerce connector allowed specification of a full URL. | ||
The connector included details of response content when the URL | ||
offered an unexpected response. This means you could make arbitrary | ||
GET requests to any URL from the WooCommerce connector, and view the | ||
response content. The response in the error was truncated to 500 characters. | ||
manualRemediation: | | ||
None required | ||
detectionMethods: null | ||
contributor: https://github.com/ramimac | ||
references: | ||
- https://ronin.ae/news/amazon-appflow-vulnerabilities/ |
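Review bot: `slug: aws-appflow-woocommerce-ssrf` does not match the file name `vulnerabilities/aws-appflow-woocommerce-connector-ssrf.yaml`; pick one form and use it for both so the entry can be located by slug. In `summary`, "any URL" does not say what was reachable from the connector's network position, which is the detail that would justify `severity: low`; a sentence on the observed impact from the reference would help. The second-person "you could make" would read better as "a customer could make", matching the third-person wording of the other entry in this commit.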