ALAS-2016-763 ---- cloud-init
ID: oval:org.secpod.oval:def:1600471 | Date: (C)2016-11-11 (M)2021-06-02 | Class: PATCH | Family: unix
It was discovered that cloud-init in the Amazon Linux AMI wrote IAM role credentials from the instance metadata service to files readable by the root user in /var/lib/cloud. An application with root privileges, a container with access to the relevant files, or a root user of an AMI derived from a previously launched AMI could read and use the credentials.
Platform: Amazon Linux AMI