
Writeup: AWS API Gateway header smuggling and cache confusion

securityblog.omegapoint.se

In this blog, we'll dive deeply into two potential security issues that Omegapoint identified in AWS API Gateway authorizers. We reported these issues to AWS in November 2022 and January 2023. AWS rolled out mitigations to all AWS customer accounts in May 2023.

"This allowed us to completely bypass the application’s tenant isolation and access data from any tenant in the system"

Official announcement from AWS: https://aws.amazon.com/blogs/security/removing-header-remapping-from-amazon-api-gateway-and-notes-about-our-work-with-security-researchers/
