CNNVD-202512-2655 Information

CNNVD ID

CNNVD-202512-2655

Related CVE

CVE-2025-14503

• CNNVD Published: 2025-12-15

Description (Chinese)

Harmonix on AWS是Amazon Web Services - Labs开源的一个开发人员门户。 Harmonix on AWS 0.4.1及之前版本存在安全漏洞，该漏洞源于IAM信任策略过于宽松，可能导致权限提升。

Description (English)

Harmonix on AWS is a developer portal for Amazon Web Services - Labs Open Source. Harmonix on AWS 0.4.1 and earlier versions had a security loophole, which stemmed from the looseness of the IAM confidence strategy, which could lead to increased access.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Amazon Web Services - Labs

Published

2025-12-15

Last Modified

2026-02-24

References

https://aws.amazon.com/security/security-bulletins/AWS-2025-031/ https://github.com/awslabs/harmonix/pull/189 https://github.com/awslabs/harmonix/security/advisories/GHSA-qm86-gqrq-mqcw https://access.redhat.com/security/cve/cve-2025-14503

Patch

https://github.com/awslabs/harmonix/releases