PT-2023-30684 · Unknown · Localstack

Published

2023-11-16

Updated

2023-11-22

CVE-2023-48054

CVSS v3.1

7.4

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions localstack version 2.3.2

Description The issue is related to missing SSL certificate validation, which allows attackers to intercept communications between the host and server through a man-in-the-middle attack. This enables attackers to eavesdrop on the communication.

Recommendations For localstack version 2.3.2, update to a version that includes SSL certificate validation to prevent man-in-the-middle attacks. As a temporary workaround, consider disabling communication between the host and server until a patch is available. Restrict access to sensitive data to minimize the risk of exploitation.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2023-48054

GHSA-8633-G3PH-97RP

PYSEC-2023-243

Affected Products

Localstack

PT-2023-30684 · Unknown · Localstack

CVE-2023-48054

Weakness Enumeration

Related Identifiers

Affected Products

References · 8