Опубликовано: 15 янв. 2025
Источник: github
Github: Не прошло ревью
CVSS4: 7.7
CVSS3: 7.5
Описание
An issue in the native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.
An issue in the native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-0500
- https://aws.amazon.com/security/security-bulletins/AWS-2025-001
- https://docs.aws.amazon.com/appstream2/latest/developerguide/client-release-versions.html
- https://docs.aws.amazon.com/dcv/latest/adminguide/doc-history-release-notes.html#dcv-2023-1-16388jul
- https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-linux-client.html#linux-release-notes
- https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-osx-client.html#osx-release-notes
- https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-notes
Связанные уязвимости
CVSS3: 7.5
nvd
около 1 года назад
An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.