AWS Patches Amazon Q Vulnerability Allowing Cloud Credential Theft via Malicious Repositories

AWS patched a vulnerability in Amazon Q that allowed attackers to steal cloud credentials through malicious code repositories. The flaw enabled unauthorized access to sensitive cloud environment data by exploiting the AI-powered service’s integration with repositories. AWS issued an advisory to inform customers about the potential impact of the vulnerability. No specific CVE ID, technical details, or dates were disclosed in the report. The issue was addressed without further elaboration on the scale or affected versions. The patch mitigates the risk of credential theft via compromised repositories.