Aws Cli
Monthly
Credential exposure in AWS CLI on Unix-like systems allows other local users on the same host to read sensitive credentials written to disk by three specific subcommands: aws codeartifact login, aws iam create-virtual-mfa-device, and aws deploy register. When the system umask is at its default permissive value - the case on most Unix-like systems - credential files are written without adequately restrictive permissions, making them readable by other local accounts. No public exploit or CISA KEV listing exists at time of analysis; however, the vendor (Amazon) has confirmed the issue and released patched versions 1.44.78 (v1) and 2.34.29 (v2).
Credential exposure in AWS CLI on Unix-like systems allows other local users on the same host to read sensitive credentials written to disk by three specific subcommands: aws codeartifact login, aws iam create-virtual-mfa-device, and aws deploy register. When the system umask is at its default permissive value - the case on most Unix-like systems - credential files are written without adequately restrictive permissions, making them readable by other local accounts. No public exploit or CISA KEV listing exists at time of analysis; however, the vendor (Amazon) has confirmed the issue and released patched versions 1.44.78 (v1) and 2.34.29 (v2).