medium

AWS SageMaker Jupyter Notebook instance CSRF

Published Thu, Dec 2nd, 2021

Platforms

Summary

AWS SageMaker Notebook server lacked a check of the Origin header that led to a CSRF vulnerability. An attacker could have read sensitive data and execute arbitrary actions in customer environments. The exact same issue existed in GCP previously.

Affected Services

SageMaker Jupyter Notebook

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://blog.lightspin.io/aws-sagemaker-notebook-takeover-vulnerability

Contributed by https://github.com/a10ns

Entry Status

Finalized

Disclosure Date

Thu, Dec 2nd, 2021

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

8.37

(PI:1.5/A1:20/A2:1/A7:1.1/A8:0.9)

Discovered by

Gafnit Amiga, Lightspin

More vulnerabilities...

high

CredManifest (Azure AD keyCredential property information disclosure)

Automation Account 'Run as' credentials (PFX certificates) were being stored in cleartext, in Azure Active Directory (AAD). These credentials were available to anyone with the ability to read infor...

Karl Fosaaen, NetSPI

Wed, Nov 17th, 2021

AWS SOC 2 type 2 failure (Fall 2021)

Information about this issue is under NDA, but AWS customers can read about it on page 98 of the report, which is available for download through AWS Artifact. Note: This issue is outside the scope ...

Anonymous discoverer

Mon, Nov 15th, 2021

low

AWS API Gateway HTTP header smuggling

A flaw in AWS API Gateway enabled hiding HTTP request headers. Tampering with HTTP requests visibility enabled bypassing IP restrictions, cache poisoning and request smuggling.

Daniel Thatcher, intruder

Wed, Nov 10th, 2021

View all