Closed Frichetten closed 1 year ago
Hey there. This PR submits a confused deputy vulnerability in AWS AppSync that I found. This would allow you to access resources in other AWS accounts by tricking the AppSync service into assuming arbitrary roles which trust it.
I have marked it as a High. Not entirely sure what constitutes a Critical. I'm open to changes/feedback though :)