Head Topics

AWS fixes 'confused deputy' vulnerability in AppSync

United Kingdom News News

AWS fixes 'confused deputy' vulnerability in AppSync
United Kingdom Latest News,United Kingdom Headlines
  • 📰 TheRegister
  • ⏱ Reading Time:
  • 49 sec. here
  • 2 min. at publisher
  • 📊 Quality Score:
  • News: 23%
  • Publisher: 61%

Datadog security researchers found the flaw before miscreants did

No customers were affected by the vulnerability and no customer action is required, according to AWS.posted on Monday, the cloud services provider thanked Datadog for reporting the"case-sensitivity parsing issue" in AppSync.

"AWS moved immediately to correct this issue when it was reported," it read."Analysis of logs going back to the launch of the service have been conducted and we have conclusively determined that the only activity associated with this issue was between accounts owned by the researcher. No other customer accounts were impacted."

AWS AppSync provides a GraphQL interface for application developers to combine data from Amazon DynamoDB, AWS Lambda, and external APIs like Datadog. In addition to predefined data sources, developers can create integrations to allow AppSync to directly call APIs by creating a role that gives AppSync the required identity and access management permissions.

Because Datadog integrates with AppSync, the company's security researchers wanted to see if they could"trick" the AWS service into assuming a role and then accessing and controlling resources from other data sources.

We have summarized this news so that you can read it quickly. If you are interested in the news, you can read the full text here. Read more:

TheRegister /  🏆 67. in UK

United Kingdom Latest News, United Kingdom Headlines

Similar News:You can also read news stories similar to this one that we have collected from other news sources.

India gets a second AWS regionIndia gets a second AWS regionAmazon to spend $4.4b in India as it adds second AWS region
Read more »

AWS gives older EC2 instances a legacy lifelineAWS gives older EC2 instances a legacy lifelinePreserves pre-2017 servers on its newer Nitro hardware
Read more »

A Pokémon Scarlet and Violet exploit is letting players duplicate shiny Pokémon | VGCA Pokémon Scarlet and Violet exploit is letting players duplicate shiny Pokémon | VGCThis newly discovered Pokémon Scarlet and Violet exploit lets you duplicate any Pokémon, including shiny ones.
Read more »

India gets a second AWS regionIndia gets a second AWS regionAmazon to spend $4.4b in India as it adds second AWS region
Read more »

Overwatch 2 won't remove Tracer despite damage bug because she kinda sucks without itOverwatch 2 won't remove Tracer despite damage bug because she kinda sucks without itBlizzard thinks fixing the bug will make her substantially weaker.
Read more »

AWS gives older EC2 instances a legacy lifelineAWS gives older EC2 instances a legacy lifelinePreserves pre-2017 servers on its newer Nitro hardware
Read more »



Render Time: 2025-02-22 19:28:50