Vulnerability identifier: #VU27614
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: No
The vulnerability allows a remote user to bypass authorization checks.
The vulnerability exists due to the affected plugin performs improper permission checks when providing a list of applicable credentials IDs to allow users configuring the plugin to select the one to use. A remote authenticated attacker with Overall/Read permission can get a list of valid credentials IDs.
Install updates from vendor's website.
Vulnerable software versions
Amazon EC2: 1.0 - 1.50.1
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.