CVE-2026-4295: Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms (19th Mar 2026)

Preface: AWS launched Kiro to make it the default entry point for cloud development. When developers open Kiro, it is already pre-configured with deep connections to AWS services (such as Lambda, S3, and Bedrock), making “cloud-native development” an out-of-the-box experience. Since Kiro includes an LLM, Kiro is involved in whatever the developer does. The advantage is that Kiro will advise on any incorrectly written code. On the other hand, Kiro will also learn from all of the programmer's thinking!

Background: Visual Studio Code supports multi-root workspaces, which let you configure multiple distinct folders to be part of the same workspace. Instead of opening a single folder as the workspace, you open a <name>[.]code-workspace JSON file that lists all folders of the workspace. In Kiro IDE, if a user clicks “Trust this Workspace” for the [.]code-workspace file, the IDE may incorrectly extend that trust to all folders listed in the JSON. A threat actor can include a folder they control, containing a malicious [.]kiro/scripts[.]json or [.]vscode/settings[.]json, which then executes with the user’s full permissions because the parent workspace was marked as “trusted.”

Vulnerability details: Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory. To remediate this issue, users should upgrade to version 0.8.0 or higher.
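As an added illustration (not code from the advisory, from AWS or from Kiro), the following Python script shows what a user can check before clicking “Trust this Workspace”: it resolves the folders a [.]code-workspace file would pull into the workspace, flags any that lie outside the directory holding the workspace file, and reports which of the auto-loaded config files named above are present in each. The sample workspace path and contents, and the injectable `exists` hook, are constructed for the demo.

```python
import json
import os
from pathlib import Path

# Per-folder config files that the advisory names as being loaded from every
# folder once the parent workspace is trusted.
SENSITIVE_FILES = (".kiro/scripts.json", ".vscode/settings.json")

# Constructed sample: a workspace file that also pulls in a folder outside
# the project tree (the shape of the multi-root trust problem described above).
SAMPLE_WORKSPACE = "/home/dev/project/app.code-workspace"
SAMPLE_TEXT = """{
  "folders": [
    {"path": "."},
    {"path": "lib"},
    {"path": "/tmp/vendor-drop"}
  ]
}"""


def resolve_folders(workspace_file: str, text: str) -> list[str]:
    """Return absolute folder paths listed in a .code-workspace document.

    Relative entries are resolved against the directory that holds the
    workspace file, as VS Code does. Note: VS Code accepts comments in this
    file (JSONC); json.loads does not, so strip them first if needed.
    """
    base = Path(workspace_file).resolve().parent
    folders = []
    for entry in json.loads(text).get("folders", []):
        raw = entry.get("path") if isinstance(entry, dict) else None
        if not raw:
            continue  # skip "uri" entries and malformed items
        folders.append(os.path.normpath(base / os.path.expanduser(raw)))
    return folders


def audit_workspace(workspace_file: str, text: str, exists=os.path.exists) -> list[dict]:
    """Flag folders outside the workspace root and auto-loaded config files.

    `exists` is injectable so the check can run against a constructed tree.
    One finding per folder that is outside the root or carries such a file.
    """
    root = str(Path(workspace_file).resolve().parent)
    findings = []
    for folder in resolve_folders(workspace_file, text):
        outside = os.path.commonpath([root, folder]) != root
        present = [f for f in SENSITIVE_FILES if exists(os.path.join(folder, f))]
        if outside or present:
            findings.append({"folder": folder, "outside_root": outside, "config_files": present})
    return findings


if __name__ == "__main__":
    # Simulated filesystem: only the out-of-tree folder carries a scripts.json.
    fake_exists = lambda p: p == "/tmp/vendor-drop/.kiro/scripts.json"
    for finding in audit_workspace(SAMPLE_WORKSPACE, SAMPLE_TEXT, exists=fake_exists):
        print(finding)
```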

Official announcement: Please refer to the link for more details –

https://nvd.nist.gov/vuln/detail/CVE-2026-4295
