Lucene search
Redhat.comRH:CVE-2020-8911HistoryAug 18, 2020 - 7:29 p.m.
CVE-2020-8911
2020-08-1819:29:14
redhat.com
access.redhat.com
40
0.001 Low
EPSS
Percentile
20.2%
A flaw was found in the AWS S3 Crypto SDK that allows users to encrypt files stored in S3 buckets with AES-CBC, without computing a MAC on the data. This allows for a padding oracle, enabling attackers with both write access to the target S3 bucket and the ability to observe the result of valid decryption attempts to potentially recover original plaintext. This is not an issue if files in S3 buckets are not encrypted with CBC mode, which is disabled in V2 of the AWS S3 Crypto SDK.
Related
cgr
cgr
CVE-2020-8911 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2020-8911
2020-08-11 20:15:13
veracode
veracode
Information Disclosure
2022-02-14 06:45:00
nvd
nvd
CVE-2020-8911
2020-08-11 20:15:13
gitlab
gitlab
Use of a Broken or Risky Cryptographic Algorithm
2022-02-11 00:00:00
wolfi
wolfi
CVE-2020-8911 vulnerabilities
2024-07-05 21:08:40
cvelist
cvelist
CVE-2020-8911 CBC padding oracle in AWS S3 Crypto SDK for GoLang
2020-08-11 19:20:14
prion
prion
Design/Logic Flaw
2020-08-11 20:15:00
osv
osv
Use of risky cryptographic algorithm in github.com/aws/aws-sdk-go
2022-02-11 23:26:26
In-band key negotiation issue in AWS S3 Crypto SDK for golang
2022-02-11 23:23:13
CBC padding oracle issue in AWS S3 Crypto SDK for golang
2022-02-11 23:26:26
github
github
CBC padding oracle issue in AWS S3 Crypto SDK for golang
2022-02-11 23:26:26
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
2022-07-13 00:00:39
redhat
redhat
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
2024-01-31 19:31:55