Home > Vulnerability Database > WS-2020-0188

Mend.io Vulnerability Database

WS-2020-0188

Good to know:

Date: November 2, 2020

Versions 1.x before v1.8.x and 2.x before v2.1.x of AWS Encryption CLI operated in "discovery mode" even when "strict mode" was specified. Although decryption only succeeded if the user had permission to decrypt with at least one of the CMKs, decryption could be successful using a CMK that was not included in the user-defined set when the CLI was operating in "strict mode." Affected users should upgrade to Encryption CLI v1.8.x or v2.1.x as soon as possible.

Language: Python

Severity Score

7.5

Related Resources (2)

Url: https://github.com/aws/aws-encryption-sdk-cli/commit/7d21b8051cab9e52e056fe427d2bff19cf146460

Url: https://www.mend.io/vulnerability-database/WS-2020-0188

Severity Score

7.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version 1.8.0, 2.1.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2020-0188

Good to know:

Date: November 2, 2020

Language: Python

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?