Data Exfiltration via Temporary AWS Accounts in Sandbox Accounts 1.10.0
CVE-2023-51386 Published on December 22, 2023
Sandbox Accounts for Events vulnerable to privilege escalation to read running events data
Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patched in version 1.10.0.
Vulnerability Analysis
CVE-2023-51386 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2023-51386
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-51386 are published in Amazon Awslabs Sandbox Accounts Events:
Affected Versions
awslabs sandbox-accounts-for-events Version < 1.1.0 is affected by CVE-2023-51386Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.