CVE-2024-45037
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-45037 identifies a vulnerability in the AWS Cloud Development Kit (CDK) that can unintentionally grant authenticated Amazon Cognito users broader access than intended when using the "RestApi" construct with "CognitoUserPoolAuthorizer." This issue arises specifically under certain conditions related to authorization scopes and does not impact the availability of API resources. Affected products include those utilizing this specific CDK configuration, which is commonly employed to streamline cloud infrastructure development. To remediate this vulnerability, users should review and adjust their authorization configurations in CDK applications to limit access appropriately. The potential danger posed by this vulnerability is categorized as medium severity, with a possible confidentiality impact due to improper user permissions.
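One way to act on the remediation advice above is to audit the CloudFormation template that CDK synthesizes (the `cdk.out` output) rather than trust the construct defaults. The following is an added example, not code from the advisory or from the CDK project: it flags every `AWS::ApiGateway::Method` that uses a Cognito user pool authorizer without explicit `AuthorizationScopes`, so a reviewer can confirm each such method is intentionally unscoped. The template below is a constructed sample; the advisory does not state the exact triggering condition, so this check is deliberately broad.

```python
import json

# Constructed sample of a synthesized CloudFormation template (cdk.out style);
# it is not output from any real CDK project.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "OrdersGET": {
            "Type": "AWS::ApiGateway::Method",
            "Properties": {
                "HttpMethod": "GET",
                "AuthorizationType": "COGNITO_USER_POOLS",
                "AuthorizerId": {"Ref": "UserPoolAuthorizer"},
                "AuthorizationScopes": ["orders/read"],
            },
        },
        "OrdersDELETE": {
            "Type": "AWS::ApiGateway::Method",
            "Properties": {
                "HttpMethod": "DELETE",
                "AuthorizationType": "COGNITO_USER_POOLS",
                "AuthorizerId": {"Ref": "UserPoolAuthorizer"},
                # No AuthorizationScopes: any valid token from the pool passes.
            },
        },
        "HealthGET": {
            "Type": "AWS::ApiGateway::Method",
            "Properties": {"HttpMethod": "GET", "AuthorizationType": "NONE"},
        },
    }
})


def find_unscoped_cognito_methods(template_json):
    """Return the logical IDs of API Gateway methods that are authorized by a
    Cognito user pool but declare no AuthorizationScopes. Methods with
    AuthorizationType NONE or IAM are out of scope for this check."""
    template = json.loads(template_json)
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::ApiGateway::Method":
            continue
        props = resource.get("Properties", {})
        if props.get("AuthorizationType") != "COGNITO_USER_POOLS":
            continue
        if not props.get("AuthorizationScopes"):
            findings.append(logical_id)
    return sorted(findings)


if __name__ == "__main__":
    for logical_id in find_unscoped_cognito_methods(SAMPLE_TEMPLATE):
        print(f"{logical_id}: COGNITO_USER_POOLS method without AuthorizationScopes")
```

Run it against each template under `cdk.out/` after `cdk synth`; a method that appears in the output but was meant to require a scope is exactly the kind of misconfiguration the advisory asks you to review.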