Medium
resolved
resolved
(Part 2) Non-Production API Endpoints for the Datazone Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
Bug reported by Nick Frichette (Datadog) was disclosed at April 8, 2025, 4:14 pm | Insufficient Logging
The non-production API endpoints for the Datazone service failed to log to CloudTrail, resulting in silent permission enumeration. The vulnerability was discovered through certificate transparency monitoring, where three additional vulnerable endpoints were identified.
![[Image: e72398fe92beda2aa80d0329e8b9f4febece7568.gif]](https://64.media.tumblr.com/834502d05f9b014cbc37366fe428a5a7/13cb9841c0799d7a-ff/s500x560/e72398fe92beda2aa80d0329e8b9f4febece7568.gif)
