CVSS 3.1 Score 7.1 of 10 (high)


Published Dec 22, 2023
Updated: Jan 8, 2024
CWE ID 284


CVE-2023-50928, also known as "Sandbox Accounts for Events," is a cyber vulnerability affecting the Sandbox Accounts for Events feature. This feature provides authenticated users with temporary AWS accounts through a browser-based GUI. The vulnerability allows authenticated users to claim and access empty AWS accounts by sending request payloads containing non-existent event ids and self-defined budget and duration. However, it is important to note that this issue only affects cleaned AWS accounts and does not provide access to accounts in use or existing data/infrastructure. To remediate this vulnerability, users should update to version 1.1.0, which includes a patch for this issue. The potential danger posed by this vulnerability is rated as high, with a base severity score of 7.1 out of 10, according to security advisories on GitHub.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-50928 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options