PT-2023-30684 · Unknown · Localstack

Publicado

2023-11-16

Atualizado

2023-11-22

CVE-2023-48054

CVSS v3.1

7.4

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions localstack version 2.3.2

Description The issue is related to missing SSL certificate validation, which allows attackers to intercept communications between the host and server through a man-in-the-middle attack. This enables attackers to eavesdrop on the communication.

Recommendations For localstack version 2.3.2, update to a version that includes SSL certificate validation to prevent man-in-the-middle attacks. As a temporary workaround, consider disabling communication between the host and server until a patch is available. Restrict access to sensitive data to minimize the risk of exploitation.

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

CVE-2023-48054

GHSA-8633-G3PH-97RP

PYSEC-2023-243

Produtos afetados

Localstack

PT-2023-30684 · Unknown · Localstack

CVE-2023-48054

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8