Harmonix On Aws
Approved changes feed: RSS · Atom
cpe:2.3:a:aws:harmonix_on_aws:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Aws (e6707f00-6abb-51df-808c-9e3417305027) |
|---|---|
| Product | Harmonix On Aws (d4c4c676-06e8-5384-b786-c4a729ceca7a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-14503 |
vulnerable | 2026-06-03 14:58:55.440064 |
Overly Permissive Trust Policy in Harmonix on AWS EKS
HIGH (7.2)
An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges.
We recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1.
Published: 2025-12-15T19:45:00.729Z
Updated: 2026-02-26T16:07:40.181Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.