Graph Explorer
Monthly
Information disclosure in AWS Graph Explorer before v3.0.1 occurs because the bundled proxy server silently falls back to plaintext HTTP when its TLS certificate files cannot be loaded, causing requests intended for HTTPS to traverse the network unencrypted. Network-positioned attackers can intercept these requests and harvest sensitive graph queries, headers, or credentials. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.
Information disclosure in AWS Graph Explorer before v3.0.1 occurs because the bundled proxy server silently falls back to plaintext HTTP when its TLS certificate files cannot be loaded, causing requests intended for HTTPS to traverse the network unencrypted. Network-positioned attackers can intercept these requests and harvest sensitive graph queries, headers, or credentials. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.