Add "Using an Undocumented Amplify API to Leak AWS Account IDs"

wiz-sec / open-cvdb

An open project to list all publicly known cloud vulnerabilities and CSP security issues

https://cloudvulndb.org

Creative Commons Attribution 4.0 International

306 stars 61 forks source link

Add "Using an Undocumented Amplify API to Leak AWS Account IDs" #151

Closed scottpiper-wiz closed 1 year ago

scottpiper-wiz commented 1 year ago

Source: https://frichetten.com/blog/undocumented-amplify-api-leak-account-id/

This issue is low severity. As Nick notes, one might not even consider it a security issue at all, as AWS somewhat claims that account IDs are not sensitive at all. However, the fact that an API marked "internalonly" was public is a concern on it's own, and the fact that AWS acknowledged the mistake by fixing it.

0xdabbad00 commented 1 year ago

Closing this as dupe of #153 and #154