Vulnerability	Vulnerable Version
M Exposure of Sensitive System Information to an Unauthorized Control Sphere cdk is an AWS CDK Toolkit Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere through the `expiration` property in the credentials object. An attacker can gain access to AWS credentials by configuring a credential plugin to include this property. Note: Plugins that omit the `expiration` property are not vulnerable by this issue. How to fix Exposure of Sensitive System Information to an Unauthorized Control Sphere? Upgrade `cdk` to version 2.178.2 or higher.	>=2.172.0 <2.178.2

Exposure of Sensitive System Information to an Unauthorized Control Sphere

cdk is an AWS CDK Toolkit

Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere through the expiration property in the credentials object. An attacker can gain access to AWS credentials by configuring a credential plugin to include this property.

Note:

Plugins that omit the expiration property are not vulnerable by this issue.

How to fix Exposure of Sensitive System Information to an Unauthorized Control Sphere?

Upgrade cdk to version 2.178.2 or higher.

>=2.172.0 <2.178.2

Go back to all versions of this package