github.com/aws/aws-sdk-go vulnerabilities

3 known vulnerabilities affecting github.com/aws/aws-sdk-go.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 1, LOW 2

Vulnerabilities

CVE-2022-2582 | MEDIUM | ≥ 0, < 1.34.0 | 2022-12-28
CVE-2022-2582 [MEDIUM] CWE-326: AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK ve
Sources: ghsa, osv

CVE-2020-8911 | LOW | CVSS 2.5 | ≥ 0, < 1.34.0 | 2022-02-11
CVE-2020-8911 [LOW] CWE-327: CBC padding oracle issue in AWS S3 Crypto SDK for golang
Summary: The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures (without revealing the plaintext) and that when encrypting the CBC option was chosen a
Sources: ghsa, osv

CVE-2020-8912 | LOW | ≥ 0, < 1.34.0 | 2022-02-11
CVE-2020-8912 [LOW] CWE-327: In-band key negotiation issue in AWS S3 Crypto SDK for golang
Summary: The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures (without revealing the plaintext) and that when encrypting the GCM option wa
Sources: ghsa, osv