Описание
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files.
A flaw was found in the AWS S3 Crypto SDK where algorithm parameters for the data encryption key are not authenticated. This flaw allows attackers with S3 bucket write access to change the negotiated encryption algorithm, potentially providing viable brute force methods to recover plaintext. This is not an issue in V2 of the API or for applications not encrypting files in S3 buckets. The highest threat from this vulnerability is to confidentiality.
Отчет
The following products include components that use the AWS SDK (aws/aws-sdk-go), however they do not include code that encrypts or decrypts files in S3 buckets (aws/aws-sdk-go/service/s3/s3crypto). The below products are not affected by this flaw:
- Red Hat Cluster Application Migration
- Red Hat OpenShift Container Platform
- Red Hat OpenShift ServiceMesh
- Red Hat OpenShift Container Storage
- Red Hat Ceph Storage
- Red Hat Gluster Storage
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| A-MQ Interconnect 1 | amq-cert-manager-container | Fix deferred | ||
| OpenShift Serverless | CLI | Fix deferred | ||
| OpenShift Serverless | knative-eventing | Fix deferred | ||
| OpenShift Serverless | knative-serving | Fix deferred | ||
| OpenShift Service Mesh 1 | servicemesh | Not affected | ||
| OpenShift Service Mesh 1 | servicemesh-grafana | Not affected | ||
| OpenShift Service Mesh 1 | servicemesh-operator | Not affected | ||
| OpenShift Service Mesh 1 | servicemesh-prometheus | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | awk-sdk-go | Not affected | ||
| Red Hat Ceph Storage 2 | grafana | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
2.5 Low
CVSS3
Связанные уязвимости
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files.
In-band key negotiation issue in AWS S3 Crypto SDK for golang
EPSS
2.5 Low
CVSS3