CVE-2024-28056P2CRITICALCVSS 9.8fixed in 12.10.12024-04-15
CVE-2024-28056 [CRITICAL] CWE-276 CVE-2024-28056: Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles asso
Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently sts:AssumeRoleWithWebIdentity would be available to threat act
nvd