CNNVD-202511-365 Information
CNNVD ID
CNNVD-202511-365
Related CVE
- CNNVD Published: 2025-11-05
Description (Chinese)
Amazon WorkSpaces是美国亚马逊(Amazon)公司的一种完全托管的持久桌面虚拟化服务,可让您的用户随时随地通过任何受支持的设备访问他们需要的数据、应用程序和资源。 Amazon WorkSpaces 2024.8及之前版本存在安全漏洞,该漏洞源于身份验证令牌处理不当,可能导致本地用户提取其他用户的身份验证令牌并访问其WorkSpace。
Description (English)
Amazon WorkSpaces is a fully hosted, permanent desktop virtualization service that allows your users to access the data, applications and resources they need at any time and any time through any supported device. Amazon WorkSpaces 2024.8 and earlier versions have security loopholes, which stem from the inappropriate handling of identification badges, which may lead local users to extract other user identification badges and access their WorldSpace.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
亚马逊
Published
2025-11-05
Last Modified
2026-02-24
References
https://aws.amazon.com/security/security-bulletins/AWS-2025-025/ https://access.redhat.com/security/cve/cve-2025-12779
Patch
https://clients.amazonworkspaces.com/
Share on: