Amazon Web Services (AWS) is urging its open-source Cloud Development Kit (CDK) users to apply fixes now available for a flaw that, under certain circumstances, can allow complete account takeover.
The issue allows attackers to perform name-squatting on AWS S3 (simple storage service) staging buckets, a temporary storage location within an organization’s cloud application deployment infrastructure to hold data for later processing.
Source:: Network World