VDB

GCVE-110-CLOUD-2020-0012

GCVE-110-CLOUD-2020-0012
Advisory Published
Vulnetix · Advisory published September 28, 2020
AWS KMS and all versions of AWS Encryption SDKs prior to version 2.0.0 were susceptible to information leakage (an attacker could create ciphertexts that would leak the user’s AWS account ID, encryption context, user agent, and IP address upon decryption), ciphertext forgery (an attacker could create ciphertexts that were accepted by other users) and lack of robustness (an attacker could create ciphertexts that decrypt to different plaintexts for different users).

Affected Products

VendorProductVersionsPlatforms
AWSKMS
AWSECR

References

advisory
advisory

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›