Publication Date: 2025/03/04 10:30 AM PST
Description
Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. We recommend customers upgrade TEAM to the latest release, version 1.2.2.
Affected versions: <1.2.2
Resolution
A fix has been released in version 1.2.2.
Please refer to the "Update TEAM solution" documentation for instructions on upgrading.
References
Acknowledgement
We would like to thank Redshift Cyber Security for collaborating on this issue through the coordinated vulnerability disclosure process.
Please email aws-security@amazon.com with any security questions or concerns.