Dark C0d3rs

Medium
resolved

(Part 2) Non-Production API Endpoints for the Datazone Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

Bug reported by Nick Frichette (Datadog) was disclosed at April 8, 2025, 4:14 pm   |   Insufficient Logging

The non-production API endpoints for the Datazone service failed to log to CloudTrail, resulting in silent permission enumeration. The vulnerability was discovered through certificate transparency monitoring, where three additional vulnerable endpoints were identified.