- Amazon EC2 package vulnerability finding
{
"version": "0",
"id": "66a7a279-5f92-971c-6d3e-c92da0950992",
"detail-type": "Inspector2 Finding",
"source": "aws.inspector2",
"account": "111122223333",
"time": "2023-01-19T22:46:15Z",
"region": "us-east-1",
"resources": ["i-0c2a343f1948d5205"],
"detail": {
"awsAccountId": "111122223333",
"description": "\n It was discovered that the sound subsystem in the Linux kernel contained a\n race condition in some situations. A local attacker could use this to cause\n a denial of service (system crash).",
"exploitAvailable": "YES",
"exploitabilityDetails": {
"lastKnownExploitAt": "Oct 24, 2022, 11:08:59 PM"
},
"findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/FINDING_ID",
"firstObservedAt": "Jan 19, 2023, 10:46:15 PM",
"fixAvailable": "YES",
"lastObservedAt": "Jan 19, 2023, 10:46:15 PM",
"packageVulnerabilityDetails": {
"cvss": [{
"baseScore": 4.7,
"scoringVector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"source": "NVD",
"version": "3.1"
}],
"referenceUrls": ["https://lore.kernel.org/all/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aaZA@mail.gmail.com/", "https://ubuntu.com/security/notices/USN-5792-1", "https://ubuntu.com/security/notices/USN-5791-2", "https://ubuntu.com/security/notices/USN-5791-1", "https://ubuntu.com/security/notices/USN-5793-2", "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8423f0b6d513b259fdab9c9bf4aaa6188d054c2d", "https://ubuntu.com/security/notices/USN-5793-1", "https://ubuntu.com/security/notices/USN-5792-2", "https://ubuntu.com/security/notices/USN-5791-3", "https://ubuntu.com/security/notices/USN-5793-4", "https://ubuntu.com/security/notices/USN-5793-3", "https://git.kernel.org/linus/8423f0b6d513b259fdab9c9bf4aaa6188d054c2d(6.0-rc5)", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3303"],
"relatedVulnerabilities": [],
"source": "UBUNTU_CVE",
"sourceUrl": "https://people.canonical.com/~ubuntu-security/cve/2022/CVE-2022-3303.html",
"vendorCreatedAt": "Sep 27, 2022, 11:15:00 PM",
"vendorSeverity": "medium",
"vulnerabilityId": "CVE-2022-3303",
"vulnerablePackages": [{
"arch": "X86_64",
"epoch": 0,
"fixedInVersion": "0:5.15.0.1027.31~20.04.16",
"name": "linux-image-aws",
"packageManager": "OS",
"remediation": "apt update && apt install --only-upgrade linux-image-aws",
"version": "5.15.0.1026.30~20.04.16"
}]
},
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"resources": [{
"details": {
"awsEc2Instance": {
"iamInstanceProfileArn": "arn:aws:iam::111122223333:instance-profile/AmazonSSMRoleForInstancesQuickSetup",
"imageId": "ami-0b7ff1a8d69f1bb35",
"ipV4Addresses": ["172.31.85.212", "44.203.45.27"],
"ipV6Addresses": [],
"launchedAt": "Jan 19, 2023, 7:53:14 PM",
"platform": "UBUNTU_20_04",
"subnetId": "subnet-8213f2a3",
"type": "t2.micro",
"vpcId": "vpc-ab6650d1"
}
},
"id": "i-0c2a343f1948d5205",
"partition": "aws",
"region": "us-east-1",
"type": "AWS_EC2_INSTANCE"
}],
"severity": "MEDIUM",
"status": "ACTIVE",
"title": "CVE-2022-3303 - linux-image-aws",
"type": "PACKAGE_VULNERABILITY",
"updatedAt": "Jan 19, 2023, 10:46:15 PM"
}
}
- Amazon EC2 network reachability finding
{
"version": "0",
"id": "d0384f63-1621-1b75-d014-a5e45628ef3e",
"detail-type": "Inspector2 Finding",
"source": "aws.inspector2",
"account": "111122223333",
"time": "2023-01-20T09:17:57Z",
"region": "us-east-1",
"resources": ["i-0a96278c2206a8e4b"],
"detail": {
"awsAccountId": "111122223333",
"description": "On the instance i-0a96278c2206a8e4b, the port range 22-22 is reachable from the InternetGateway igw-72069c09 from an attached ENI eni-0976efe678170408f.",
"findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/FINDING_ID",
"firstObservedAt": "Jan 20, 2023, 9:17:57 AM",
"lastObservedAt": "Jan 20, 2023, 9:17:57 AM",
"networkReachabilityDetails": {
"networkPath": {
"steps": [{
"componentId": "igw-72069c09",
"componentType": "AWS::EC2::InternetGateway"
}, {
"componentId": "acl-91d74eec",
"componentType": "AWS::EC2::NetworkAcl"
}, {
"componentId": "sg-0aaed0af450bd0165",
"componentType": "AWS::EC2::SecurityGroup"
}, {
"componentId": "eni-0976efe678170408f",
"componentType": "AWS::EC2::NetworkInterface"
}, {
"componentId": "i-0a96278c2206a8e4b",
"componentType": "AWS::EC2::Instance"
}]
},
"openPortRange": {
"begin": 22,
"end": 22
},
"protocol": "TCP"
},
"remediation": {
"recommendation": {
"text": "You can restrict access to your instance by modifying the Security Groups or ACLs in the network path."
}
},
"resources": [{
"details": {
"awsEc2Instance": {
"iamInstanceProfileArn": "arn:aws:iam::111122223333:instance-profile/AmazonSSMRoleForInstancesQuickSetup",
"imageId": "ami-0b5eea76982371e91",
"ipV4Addresses": ["3.89.90.19", "172.31.93.57"],
"ipV6Addresses": [],
"keyName": "example-inspector-test",
"launchedAt": "Jan 19, 2023, 7:25:02 PM",
"platform": "AMAZON_LINUX_2",
"subnetId": "subnet-8213f2a3",
"type": "t2.micro",
"vpcId": "vpc-ab6650d1"
}
},
"id": "i-0a96278c2206a8e4b",
"partition": "aws",
"region": "us-east-1",
"type": "AWS_EC2_INSTANCE"
}],
"severity": "MEDIUM",
"status": "ACTIVE",
"title": "Port 22 is reachable from an Internet Gateway",
"type": "NETWORK_REACHABILITY",
"updatedAt": "Jan 20, 2023, 9:17:57 AM"
}
}
- Amazon ECR package vulnerability finding
{
"version": "0",
"id": "5b52952e-26df-3a51-6d14-4dbe737e58ec",
"detail-type": "Inspector2 Finding",
"source": "aws.inspector2",
"account": "111122223333",
"time": "2023-01-19T21:59:00Z",
"region": "us-east-1",
"resources": [
"arn:aws:ecr:us-east-1:111122223333:repository/inspector2/sha256:98f0304b3a3b7c12ce641177a99d1f3be56f532473a528fda38d53d519cafb13"
],
"detail": {
"awsAccountId": "111122223333",
"description": "libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.",
"exploitAvailable": "NO",
"findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/FINDING_ID",
"firstObservedAt": "Jan 19, 2023, 9:59:00 PM",
"fixAvailable": "YES",
"inspectorScore": 7.5,
"inspectorScoreDetails": {
"adjustedCvss": {
"adjustments": [],
"cvssSource": "NVD",
"score": 7.5,
"scoreSource": "NVD",
"scoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"lastObservedAt": "Jan 19, 2023, 9:59:00 PM",
"packageVulnerabilityDetails": {
"cvss": [
{
"baseScore": 5,
"scoringVector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"source": "NVD",
"version": "2.0"
},
{
"baseScore": 7.5,
"scoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"source": "NVD",
"version": "3.1"
}
],
"referenceUrls": [
"https://hackerone.com/reports/1555796",
"https://security.gentoo.org/glsa/202212-01",
"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html",
"https://www.debian.org/security/2022/dsa-5197"
],
"relatedVulnerabilities": [],
"source": "NVD",
"sourceUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-27782",
"vendorCreatedAt": "Jun 2, 2022, 2:15:00 PM",
"vendorSeverity": "HIGH",
"vendorUpdatedAt": "Jan 5, 2023, 5:51:00 PM",
"vulnerabilityId": "CVE-2022-27782",
"vulnerablePackages": [
{
"arch": "X86_64",
"epoch": 0,
"fixedInVersion": "0:7.61.1-22.el8_6.3",
"name": "libcurl",
"packageManager": "OS",
"release": "22.el8",
"remediation": "yum update libcurl",
"sourceLayerHash": "sha256:38a980f2cc8accf69c23deae6743d42a87eb34a54f02396f3fcfd7c2d06e2c5b",
"version": "7.61.1"
},
{
"arch": "X86_64",
"epoch": 0,
"fixedInVersion": "0:7.61.1-22.el8_6.3",
"name": "curl",
"packageManager": "OS",
"release": "22.el8",
"remediation": "yum update curl",
"sourceLayerHash": "sha256:38a980f2cc8accf69c23deae6743d42a87eb34a54f02396f3fcfd7c2d06e2c5b",
"version": "7.61.1"
}
]
},
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"resources": [
{
"details": {
"awsEcrContainerImage": {
"architecture": "amd64",
"imageHash": "sha256:98f0304b3a3b7c12ce641177a99d1f3be56f532473a528fda38d53d519cafb13",
"imageTags": [
"o3"
],
"platform": "ORACLE_LINUX_8",
"pushedAt": "Jan 19, 2023, 7:38:39 PM",
"registry": "111122223333",
"repositoryName": "inspector2"
}
},
"id": "arn:aws:ecr:us-east-1:111122223333:repository/inspector2/sha256:98f0304b3a3b7c12ce641177a99d1f3be56f532473a528fda38d53d519cafb13",
"partition": "aws",
"region": "us-east-1",
"type": "AWS_ECR_CONTAINER_IMAGE"
}
],
"severity": "HIGH",
"status": "ACTIVE",
"title": "CVE-2022-27782 - libcurl, curl",
"type": "PACKAGE_VULNERABILITY",
"updatedAt": "Jan 19, 2023, 9:59:00 PM"
}
}
- Lambda package vulnerability finding
{
"version": "0",
"id": "040bb590-3a12-353f-ecb1-05e54b0fbea7",
"detail-type": "Inspector2 Finding",
"source": "aws.inspector2",
"account": "111122223333",
"time": "2023-01-19T19:20:25Z",
"region": "us-east-1",
"resources": [
"arn:aws:lambda:us-east-1:111122223333:function:ExampleFunction:$LATEST"
],
"detail": {
"awsAccountId": "111122223333",
"description": "Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.",
"exploitAvailable": "NO",
"findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/FINDING_ID",
"firstObservedAt": "Jan 19, 2023, 7:20:25 PM",
"fixAvailable": "YES",
"inspectorScore": 7.5,
"inspectorScoreDetails": {
"adjustedCvss": {
"cvssSource": "NVD",
"score": 7.5,
"scoreSource": "NVD",
"scoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"lastObservedAt": "Jan 19, 2023, 7:20:25 PM",
"packageVulnerabilityDetails": {
"cvss": [
{
"baseScore": 7.5,
"scoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"source": "NVD",
"version": "3.1"
}
],
"referenceUrls": [
"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434"
],
"relatedVulnerabilities": [],
"source": "NVD",
"sourceUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"vendorCreatedAt": "Sep 16, 2022, 10:15:00 AM",
"vendorSeverity": "HIGH",
"vendorUpdatedAt": "Nov 25, 2022, 11:15:00 AM",
"vulnerabilityId": "CVE-2022-40152",
"vulnerablePackages": [
{
"epoch": 0,
"filePath": "lib/woodstox-core-6.2.7.jar",
"fixedInVersion": "6.4.0",
"name": "com.fasterxml.woodstox:woodstox-core",
"packageManager": "JAR",
"remediation": "Update woodstox-core to 6.4.0",
"version": "6.2.7"
}
]
},
"remediation": {
"recommendation": {
"text": "None Provided"
}
},
"resources": [
{
"details": {
"awsLambdaFunction": {
"architectures": [
"X86_64"
],
"codeSha256": "+EwrOrht2um4fdVCD73gj+O7HJIAUvUxi8AD0eKHSkc=",
"executionRoleArn": "arn:aws:iam::111122223333:role/ExampleFunction-ExecutionRole",
"functionName": "Example-function",
"lastModifiedAt": "Nov 7, 2022, 8:29:27 PM",
"packageType": "ZIP",
"runtime": "JAVA_11",
"version": "$LATEST"
}
},
"id": "arn:aws:lambda:us-east-1:111122223333:function:ExampleFunction:$LATEST",
"partition": "aws",
"region": "us-east-1",
"tags": {
"TargetAlias": "DeploymentStack",
"SoftwareType": "Infrastructure"
},
"type": "AWS_LAMBDA_FUNCTION"
}
],
"severity": "HIGH",
"status": "ACTIVE",
"title": "CVE-2022-40152 - com.fasterxml.woodstox:woodstox-core",
"type": "PACKAGE_VULNERABILITY",
"updatedAt": "Jan 19, 2023, 7:20:25 PM"
}
}
- Lambda code vulnerability finding
{
"version":"0",
"id":"9df01cb1-df24-bc46-5650-085a4087e7aa",
"detail-type":"Inspector2 Finding",
"source":"aws.inspector2",
"account":"111122223333",
"time":"2023-12-07T22:14:45Z",
"region":"us-east-1",
"resources":[
"arn:aws:lambda:us-east-1:111122223333:function:code-finding:$LATEST"
],
"detail":{
"awsAccountId":"111122223333",
"codeVulnerabilityDetails":{
"detectorId":"python/lambda-override-reserved@v1.0",
"detectorName":"Override of reserved variable names in a Lambda function",
"detectorTags":[
"availability",
"aws-python-sdk",
"aws-lambda",
"data-integrity",
"maintainability",
"security",
"security-context",
"python"
],
"filePath":{
"endLine":6,
"fileName":"lambda_function.py",
"filePath":"lambda_function.py",
"startLine":6
},
"ruleId":"Rule-434311"
},
"description":"Overriding environment variables that are reserved by AWS Lambda might lead to unexpected behavior or failure of the Lambda function.",
"findingArn":"arn:aws:inspector2:us-east-1:111122223333:finding/FINDING_ID",
"firstObservedAt":"Aug 8, 2023, 7:33:58 PM",
"lastObservedAt":"Dec 7, 2023, 10:14:45 PM",
"remediation":{
"recommendation":{
"text":"Your code attempts to override an environment variable that is reserved by the Lambda runtime environment. This can lead to unexpected behavior and might break the execution of your Lambda function.\n\n[Learn more](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-runtime)"
}
},
"resources":[
{
"details":{
"awsLambdaFunction":{
"architectures":[
"X86_64"
],
"codeSha256":"2mtfH+CgubesG6NYpb2zEqBja5WN6FfbH4AAYDuF8RE=",
"executionRoleArn":"arn:aws:iam::193043430472:role/service-role/code-finding-role-7jgg3wan",
"functionName":"code-finding",
"lastModifiedAt":"Dec 7, 2023, 10:12:48 PM",
"packageType":"ZIP",
"runtime":"PYTHON_3_7",
"version":"$LATEST"
}
},
"id":"arn:aws:lambda:us-east-1:193043430472:function:code-finding:$LATEST",
"partition":"aws",
"region":"us-east-1",
"type":"AWS_LAMBDA_FUNCTION"
}
],
"severity":"HIGH",
"status":"ACTIVE",
"title":"Overriding environment variables that are reserved by AWS Lambda might lead to unexpected behavior.",
"type":"CODE_VULNERABILITY",
"updatedAt":"Dec 7, 2023, 10:14:45 PM"
}
}