CVE-2023-51386

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-51386
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-51386.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-51386
Related
  • GHSA-p7w3-j66h-m7mx
Published
2023-12-22T22:15:07Z
Modified
2025-01-14T20:30:54Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patched in version 1.10.0.

References

Affected packages

Git / github.com/awslabs/sandbox-accounts-for-events

Affected ranges

Type
GIT
Repo
https://github.com/awslabs/sandbox-accounts-for-events
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed