vulnerability
Amazon Linux 2023: CVE-2023-35941: Important priority package update for ecs-service-connect-agent
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:C/I:P/A:P) | Jul 25, 2023 | Feb 17, 2025 | Jul 4, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:P/A:P)
Published
Jul 25, 2023
Added
Feb 17, 2025
Modified
Jul 4, 2025
Description
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration.
Solution
amazon-linux-2023-upgrade-ecs-service-connect-agent
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.