vulnerability
Amazon Linux AMI: ALAS-2017-866: Security patch for aws-cfn-bootstrap
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Aug 3, 2017 | Aug 4, 2017 | Feb 19, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Aug 3, 2017
Added
Aug 4, 2017
Modified
Feb 19, 2025
Description
2024-01-18: The invalid reference CVE-Pending was removed from this advisory.
A vulnerability was reported in the CloudFormation bootstrap tools, different from the one in CVE-2017-9450, where default behavior in the handling of cfn-init metadata can provide escalated privileges to an attacker with local access to the system
Solution
amazon-linux-upgrade-aws-cfn-bootstrap
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.