Amazon · Amazon Ecs Agent · CVE-2025-9039
Name of the Vulnerable Software and Affected Versions:
Amazon ECS agent versions 0.0.3 through 1.97.0
Description:
An issue was identified in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is hosted. This issue does not affect instances where the option to allow off-host access to the introspection server is set to 'false'. The affected component is the introspection API.
Recommendations:
Amazon ECS agent version 0.0.3: Upgrade to version 1.97.1 or later.
Amazon ECS agent version 1.97.0: Upgrade to version 1.97.1 or later.
For instances that cannot be updated, modify the Amazon EC2 security groups to restrict incoming access to the introspection server port (51678).
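To check the second recommendation, the following added example (not part of the advisory or of the ECS agent project) audits a security group description in the shape returned by `aws ec2 describe-security-groups` and lists every inbound source that can reach TCP port 51678; it goes beyond an exact-port rule by also catching port ranges that include 51678, "all traffic" rules, and the same-security-group case the advisory describes. The group id, group name and rules in the sample are constructed.

```python
import json

INTROSPECTION_PORT = 51678  # port named in the advisory

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_SG_JSON = json.dumps({
    "SecurityGroups": [{
        "GroupId": "sg-0123456789abcdef0",
        "GroupName": "ecs-cluster-instances",
        "IpPermissions": [
            # Harmless: SSH from a management range.
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.0.0/24"}], "UserIdGroupPairs": []},
            # Risky: self-referencing rule whose port range includes 51678.
            {"IpProtocol": "tcp", "FromPort": 32768, "ToPort": 65535,
             "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]},
            # Risky: all traffic from anywhere (IpProtocol -1 carries no port fields).
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "UserIdGroupPairs": []},
            # Not TCP: UDP on the same port number does not reach the HTTP server.
            {"IpProtocol": "udp", "FromPort": 51678, "ToPort": 51678,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        ],
    }]
})

def rule_covers_port(rule, port):
    """True if an inbound rule admits TCP traffic to `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":          # "all traffic": no FromPort/ToPort present
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def exposed_sources(sg_json, port=INTROSPECTION_PORT):
    """Return (group_id, source) pairs for every inbound source that can reach `port`.
    A source is a CIDR or a peer security group id; a peer equal to the group
    itself is the same-security-group case from the advisory."""
    findings = []
    for sg in json.loads(sg_json)["SecurityGroups"]:
        gid = sg["GroupId"]
        for rule in sg.get("IpPermissions", []):
            if not rule_covers_port(rule, port):
                continue
            for r in rule.get("IpRanges", []):
                findings.append((gid, r["CidrIp"]))
            for r in rule.get("Ipv6Ranges", []):
                findings.append((gid, r["CidrIpv6"]))
            for p in rule.get("UserIdGroupPairs", []):
                tag = "self" if p["GroupId"] == gid else "peer"
                findings.append((gid, f"{tag}:{p['GroupId']}"))
    return findings

if __name__ == "__main__":
    for gid, src in exposed_sources(SAMPLE_SG_JSON):
        print(f"{gid}: inbound to tcp/{INTROSPECTION_PORT} allowed from {src}")
```

Feed it the real CLI output (`aws ec2 describe-security-groups --group-ids <id>`) for the groups attached to the container instances; every line it prints is a rule to tighten or remove until the agent can be upgraded.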