wiz-sec / open-cvdb

An open project to list all publicly known cloud vulnerabilities and CSP security issues
https://cloudvulndb.org
Creative Commons Attribution 4.0 International

[Contribution] Database Passwords in Server Response in Amazon AWS Glue #291

Closed ramimac closed 2 months ago

ramimac commented 3 months ago

Summary (give a brief description of the issue)

The password of database connections in AWS Glue is loaded into the website when a connection's edit page is requested. Principals with appropriate permissions can read the password. This behavior also increases the risk that database passwords will be intercepted by an attacker during transmission in the server response.

References (provide links to blogposts, etc.)

https://seclists.org/fulldisclosure/2024/Apr/22