<p>Upgrade <code>aws-encryption-sdk-cli</code> to version 1.8.0, 2.1.0 or higher.</p>

Insecure Permissions Affecting aws-encryption-sdk-cli package, versions [,1.8.0) [2.0.0, 2.1.0)

Snyk CVSS

Attack Complexity Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-AWSENCRYPTIONSDKCLI-1023592
published 29 Oct 2020
disclosed 28 Oct 2020
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 28 Oct 2020

CWE-275 Open this link in a new tab

How to fix?

Upgrade aws-encryption-sdk-cli to version 1.8.0, 2.1.0 or higher.

Overview

aws-encryption-sdk-cli is a This command line tool can be used to encrypt and decrypt files and directories using the AWS Encryption SDK.

Affected versions of this package are vulnerable to Insecure Permissions. In the affected versions, the AWS Encryption CLI operated in "discovery mode" even when "strict mode" was specified. Although decryption only succeeded if the user had permission to decrypt with at least one of the CMKs, decryption could be successful using a CMK that was not included in the user-defined set when the CLI was operating in "strict mode".