Headline
CVE-2023-43784: Why are AWS keys public in Plesk Firehose?
** DISPUTED ** Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor’s position is that there is no security threat.
- #1
Your OS version: Cloud Linux
Plesk version: Plesk Onyx Version 17.8.11
{
  "stream": "plesk-17.0-ux",
  "region": "us-west-2",
  "accessKeyId": "BajksdjasdiuahoOHUEUNN",
  "secretAccessKey": "p+asd;kmIOJIdmdm435;mdaisd49dkmpamd",
  "endpoint": "firehose.us-west-2.amazonaws.com",
  "httpOptions": {
    "connectTimeout": 1000,
    "timeout": 1000
  }
}
- #2
There has been an internal discussion in the past about this topic. Plesk is aware of it, but the specific usage case of these visible keys is no security threat. If you would like to discuss your concerns in detail, please open a ticket with Plesk support specifically for your case.