Paul Litvak (Intezer), Wouter ter Maat (Offensi)

A vulnerability in the Azure Linux VM extension mechanism allowed an unprivileged
user to leak any Azure VM extension’s private data. An attacker could have abused
this to gain credentials for the VM itself as well as credentials for extensions
associated with the VM. Paired with the design of the VMAccess extension (an official
Azure extension for managing VM credentials), this could have been used to achieve
privilege escalation, as an unprivileged attacker would have been able to elevate themselves
to a higher privileged user by leaking the VMAccess admin password. Additionally, if the VMAccess
password happened to be shared among other Azure VMs, the attacker would have been able to perform
lateral movement to other machines. The root cause of this vulnerability was that the
certificates endpoint used for decrypting extension credentials did not validate transport
certificates, so an attacker could simply issue their own valid transport certificate.
Moreover, although an iptables rule was in place to prevent unprivileged access to this
endpoint, an attacker could bypass it by directing their requests to the Azure IMDS instead,
which happened to be located on the same machine as the certificates endpoint.


Azure Linux VM extension credential leak

James Sebree

The Microsoft Azure Site Recovery suite contained a DLL hijacking flaw that allowed for
privilege escalation from any low privileged user to SYSTEM on hosts where this service was installed.
Incorrect permissions on the cxprocessserver service's executable directory allowed new files to be
created in it by any user. Since the service ran automatically and with SYSTEM privileges and attempted
to load DLLs from the directory, this allowed for a DLL hijacking / planting attack.


Microsoft Azure Site Recovery DLL hijacking

Ian Duffy

Full administrative access to the Azure Red Hat Enterprise Linux Appliance REST API was publicly exposed.
It allowed malicious actors uploading packages that would be acquired by client virtual machines on their next yum update. 
The vulnerable infrastructure supplies all the packages for all Red Hat Enterprise Linux instances booted from the Azure marketplace.


Public admin access to Azure's Red Hat Update Infrastructure

s1r1us

AI Hub Jupyter Notebook server lacked a check of the Origin header that
led to a CSRF vulnerability. An attacker could have read sensitive data and execute
arbitrary actions in customer environments.


AI Hub Jupyter Notebook instance CSRF

James Kettle (Portswigger), Arkadiy Tetelman (Chime)

ALBs found vulnerable to HTTP request smuggling (desync attack).


ALB HTTP request smuggling

Marco Balduzzi, Jonas Zaddach, Davide Balzarotti, Engin Kirda, Sergio Loureiro

Researchers, while investigating the security posture of Public AMIs, were
able to undelete files from an official image that was published by Amazon AWS.


AWS published official AMIs with recoverable deleted files

Lidor Ben Shitrit

By misusing the Apiary web service and taking advantage of Apiary's use of IMDSv1,
a remote attacker is able to retrieve sensitive information from various endpoints
and use it to gain more access and sensitive data of other hosts in the same environment.


Oracle Apiary SSRF

Daniel Grzelak

3rd party vendors can (and sometimes do) incorrectly implement sts:ExternalId in their
AWS role trust policies, leading to confused deputy issues. These misconfigurations could
allow customers to access other customers' data. Although vendors are responsible for
ensuring their own configurations are correct, AWS could theoretically add mitigations
to prevent and detect this issue.


3rd party vendor confused deputy via AssumeRole

Elad Gabay

Any unattached storage volume, or attached storage volumes allowing multi-attachment,
could have been read from or written to as long as an attacker knew their Oracle Cloud Identifier (OCID),
allowing sensitive data to be exfiltrated or even more impactful attacks to be initiated via
executable file manipulation in the target tenant's environment.


AttachMe

Yanir Tsarimi

An exposed endpoint in the Azure Automation Service allowed to steal Azure
API credentials from other customers


AutoWarp

Daniel Thatcher

A flaw in AWS API Gateway enabled hiding HTTP request headers. Tampering
with HTTP requests visibility enabled bypassing IP restrictions, cache poisoning
and request smuggling.


AWS API Gateway HTTP header smuggling

Felix Wilhelm

Amazon Elastic Kubernetes Service (EKS) uses IAM to provide authentication to the cluster
through the AWS IAM Authenticator for Kubernetes (aws-iam-authenticator). Multiple issues
were identified in the authenticator that could have allowed exploitation, namely (1) a
lax regular expression used to verify presigned URLs; (2) HTTP client redirect follow
(due to using Golang HTTP client in its default configuration); (3) use of the Golang URL.Query
function (which silently drops parameters that Go considers invalid, rather than raising
an error and rejecting invalid tokens); and (4) no verification that the cluster uses Go
versions newer than 1.12 (as older versions are vulnerable to request smuggling).


Multiple issues in AWS IAM Authenticator for Kubernetes

If attacker controlled data is viewed in Cloudshell it could have led to
code execution. This exact same issue existed in Azure previously.


AWS CloudShell terminal escape

Spencer Gietzen

The AWS CodeStar service had an undocumented API (codestar:CreateProjectFromTemplate) that allowed
users with broadly-scoped CodeStar permissions to create a CodeStar project. As part of the creation
process, AWS would create a new CodeStarWorker IAM policy & attach it to the user making the call.
This policy granted full access to over 50 AWS services, including iam:AttachRolePolicy, iam:AttachUserPolicy and iam:PutRolePolicy permissions,
which would allow the user to escalate to full administrator access. Following disclosure, AWS removed
the majority of access granted by the CodeStarWorker policy, but this is still a viable escalation path if
there are other misconfigurations in the environment.


IAM privilege escalation via undocumented CodeStar API

An AWS employee pushed sensitive data to a public github bucket, including customer information and credentials.
Note: This issue is outside the scope of this database's usual criteria for inclusion,
but has been kept for historic reasons, as it was included in the original CSP Security Mistakes dataset.


AWS uploaded sensitive data to public GitHub bucket

Information about this issue is under NDA, but AWS customers can read about it on pages 120-121 of the report,
which is available for download through AWS Artifact.
Note: This issue is outside the scope of this database's usual criteria for inclusion, but has
been kept for historic reasons, as it was included in the original CSP Security Mistakes dataset.


AWS SOC 2 type 2 failure (Fall 2020)

Information about this issue is under NDA, but AWS customers can read about it on page 98 of the report,
which is available for download through AWS Artifact.
Note: This issue is outside the scope of this database's usual criteria for inclusion, but has
been kept for historic reasons, as it was included in the original CSP Security Mistakes dataset.


AWS SOC 2 type 2 failure (Fall 2021)

AWS offers a metadata service accessible to most EC2 Instances via a simple GET request to 169.254.169.254.
If an instance has an SSRF vulnerability, attackers can access the metadata service & exfiltrate the credentials 
of an attached IAM role to gain privileged access to the relevant AWS environment.


AWS IAM role credential exfiltration via EC2 Instance Metadata Service (IMDSv1)

Two malicious versions were created of packages previously used by AWS.
The packages were officially authored and maintained by AWS before they
were removed by their legitimate author, and once the packages were
removed, their names became available and the two packages were then
populated with malicious code. If AWS-deployed software had any dependencies
on these packages, this would have led to a dependency confusion attack.


AWS package backfill attack

Gafnit Amiga

A vulnerability was discovered in the Aurora PostgreSQL log_fdw extension
for Amazon Relational Database Service (RDS), allowing an attacker to read
files on the EC2 host and obtain credentials for an internal AWS service.


AWS RDS local file read

Riyaz Walikar

The AWS RDS service does not enable secure transport layer security by default, allowing clients to connect insecurely.
Additionally, for the more commonly used MySQL and MariaDB RDS engine types, this setting cannot be enabled at all.


AWS RDS does not enforce SSL/TLS encryption

Ryan Gerstenkorn

An attacker with sufficient privileges in AWS to modify the route table
and some other EC2 privileges, could pretend to be a metadata server and provide
an attacker controlled bootup script to EC2s to move laterally.


Route table modification to imitate metadata service

Jonathan Rault

Using CloudTrail S3 data events, it was possible to determine the AWS account ID of
any existing S3 bucket by calling any S3 API, getting denied, and looking at the value in the resource
key in error message that showed up in CloudTrail.


CloudTrail S3 data events leak bucket Account ID

Colin Percival

When making authenticated API requests to AWS, the requests must be signed
with your AWS access key. The initial signing algorithm, SigV1, was vulnerable
to collisions. A person-in-the-middle attack would be able to modify signed requests
via specially constructed collisions.


Signature version 1 (SigV1) is insecure

Osama Elnaggar

AWS WAF using the Core Rules set allowed SQL injection. In AWS WAF only the first 8 KB (8,192 bytes) of the request body are forwarded to AWS WAF for inspection, but AWS Managed rules allowed requests up to 10 KB.
An attacker could send a request larger than 8 KB but smaller than 10 KB, with a malicious payload located after the first 8,192 bytes, and thereby pass the WAFs inspection. 
To fix this issue, AWS reduced the request size limit to 8 KB.


AWS WAF configuration allows SQL injection

Nick Frichette

An adversary could gain access to IAM credentials in a victim's account, and make an API request to Elastic Beanstalk (even if they didn't have the proper IAM permissions). This request would be displayed in the management console in the Elastic Beanstalk section. Due to improper sanitization, an attacker could insert an XSS payload that would execute in a victim's browser.


Elastic Beanstalk - XSS in Web Console

Chen Cohen

An attacker could gain root privileges on their Azure Cloud Shell container,
escape from the container, and then gain root privileges on the underlying node,
the root cause being an insecure kubelet port (10250), among other cluster misconfigurations.
Once they could access the node filesystem, an attacker could extract kubelet API
credentials which allowed listing all pods and nodes in the cluster, including
those belonging to other tenants. Moreover, an attacker could bypass RBAC policies
in the cluster by deploying a pod with the "NodeSelector" flag, and thereby escalate
their privileges to root on other tenants' containers (the same issue affected
Azure Container Instances).


Azure Cloud Shell and Container Instances breakout

An issue in Azure Cloud Shell could have allowed an attacker to take over
an Azure App Service domain and leverage it to inject and execute
commands in other tenants' terminals if they navigated to the domain while
logged into their account. Using this method, an attacker could query the
Azure IMDS on other tenants' behalf and thereby obtain their access tokens.


Azure Cloud Shell access token theft

If attacker controlled data is viewed in Cloudshell it could have led to
code execution. This exact same issue was later discovered in AWS as well.


Azure Cloud Shell terminal escape

Undocumented Azure AD APIs could allow access to internal information of any organization
that uses Azure AD. Collected details included licensing information, mailbox information, and
directory synchronization status.


Azure AD information disclosure via undocumented APIs

Josh Magri

Azure Logic Apps use API Connections to authenticate actions to services. Having Contributor access to
an Azure Resource Manager (ARM) API Connection would allow someone to create arbitrary role assignments as the connected user.
This was supposed to be limited to actions at the Resource Group level, but an attacker could escape to the Subscription or Root level with a path traversal payload.
The root cause of this behavior was that such a payload would meet the Swagger API definition,
and it would be resolved by the server, resulting in a request to an unintended scope.


Logic Apps privilege escalation to root

Patrick Hudak

Patrick Hudak demonstrated possible subdomain takeover using the Traffic Manager in Azure.


Subdomain takeover via Azure Traffic Manager

Divyanshu Shukla

Azure Web Application Firewall (WAF) with OWASP 3.2 managed rule set and below was
vulnerable to command injection bypass using globbing patterns (incorporating the
wildcard "?" in command syntax). For example, while attempting access to "/etc/passwd"
would be blocked, a command targeting "/et?/passwo?d" would be allowed.


Azure WAF managed rule set globbing pattern bypass

Yuval Avrahami

Azurescape

Tzah Pahima

Read access of host of AWS internal Cloudformation service via XXE SSRF.
The level of access with the compromised IAM role from there is unclear.


BreakingFormation

Etienne Champetier

An attacker with access to a hostNetwork=true container with CAP_NET_RAW
capability can listen to all the traffic going through the host and inject arbitrary
traffic, allowing to tamper with most unencrypted traffic (HTTP, DNS, DHCP, ...),
and disrupt encrypted traffic. In GKE the host queries the metadata service at
http://169[.]254.169.254 to get information, including the authorized SSH keys.
By manipulating the metadata service responses and injecting our own SSH key, it
is possible to gain root privilege on the host.


GKE and EKS CAP_NET_RAW metadata service MITM root privilege escalation

Nir Ohfeld, Sagi Tzadik

Azure's Cosmos DB database service was vulnerable to remote account takeover.
Any Azure user could gain full admin access to other customers' Cosmos DB instances without authorization.
The vulnerability had a trivial exploit that doesn't require any previous access to the target environment.


ChaosDB

Peter Collins

Executing Cloud Functions in any project and in any organization allows bypassing the GKE Authorized Networks (aka Kubernetes 
control plane firewalls) of a cluster in a different project or organization.


GKE Authorized Networks bypass via Cloud Functions

Ian Mckay

An attacker with the ability to create CloudFormation stacks could cause
a denial-of-service on some CloudFormation actions within a single AWS account.


CloudFormation denial of service (in a single account)

Aidan Steele

CloudFormation allows the use of Lambda-backed resource providers,
wherein Lambda can be used to write custom provisioning logic to be
executed during CloudFormation stack operations. The aforementioned
Lambda functions were executed in an AWS-managed account (thus
effectively allowing arbitrary code execution in that account),
and were passed a set of credentials ("platformCredentials") for a
role in this account that had several EventBridge permissions.
These were sufficient for an attacker to create new rules in the AWS-managed
account that leaked credentials belonging to other users of resource
providers. For example, creating a rule that matched events with
{"detail-type": ["AWS API Call via CloudTrail"]} exposed records
of other tenants' API calls, which included copies of credentials
for roles in other tenants' accounts.


CloudFormation resource provider credentials leak

Karim El-Melhaoui

An audit of an AWS open-source project identified a great deal of issues, and as a result AWS made the decision to take it down.


CloudFormer review

Shir Tamari, Nir Ohfeld, Sagi Tzadik, Ronen Shustin

In GCP's case, they introduced a modification to the Cloud SQL's PostgreSQL engine allowing the role assigned to the
tenant (cloudsqlsuperuser) to arbitrarily change the ownership of a table to any user
or role in the database. Thus, an attacker could (1) create a new table, (2) create an
index function with a malicious payload, and (3) change the table owner to GCP’s superuser
role (cloudsqladmin). Next, by initiating an ANALYZE command, the malicious function is
executed with GCP’s superuser high privileges. Then, an attacker could gain local privilege
escalation to root using a symlink attack, and finally, having gained CAP_NET_ADMIN and
CAP_NET_RAW capabilities, escape their container via TCP injection of a fake configuration
response from the metadata service containing an attacker-controlled SSH key (this is only
possible due to the fact that communication with GCP's metadata service is unencrypted and unsigned).
A similar bug existed in Azure Database for PostgreSQL, and was part of ExtraReplica's vulnerability chain.


Cloud SQL escape to host

When customers attach a CodeBuild project to their VPC, CodeBuild’s build container
will apply the same network routing rules as defined in the customer’s VPC Security Group.
However, CodeBuild EC2 hosts retained Internet connectivity via AWS's own VPC, thus allowing
an attacker to bypass any custom VPC rules the customer had set up, and use CodeBuild for
data exfiltration from the targeted environment. AWS later updated the CodeBuild service
to block all outbound network access for newly created CodeBuild projects which contain a
customer-defined VPC configuration.


Codebuild data exfiltration

Opsmorph discovered an improper access control vulnerability in authorization logic common in applications built on AWS. The vulnerability means a user 
with permission to create a new Cognito User Group could fool authorization checks into thinking that the user is in any other existing Cognito User 
Group in the same User Pool, referred to as user group spoofing. 
When API Gateway is secured with a Cognito User Pool Authorizer it concatenates group names from the identity token into a comma separated string, 
and as Cognito also permits commas in the group names, this was an ambiguous representation of the groups a user was in that provided an opportunity 
for injection type attack. AWS have since fixed the Cognito User Pool Authorizer so that it now escapes special characters when parsing the groups claim
of the token.


Cognito User Group spoofing

Megan Marsh

Attackers had put malicious AMIs in the marketplace to abuse the CLI''s
way of selecting what AMI to use. Although the concept of planting  malicious
AMIs had existed for a while (ex. in the 2009 presentation "Clobbering the clouds"
by Nicholas Arvanitis, Marco Slaviero, and Haroon Meer) it had not been used specifically
to target this issue with the CLI.


Launching EC2s did not require specifying AMI owner

Ronen Shustin

A Vulnerability in App Service could allow an unprivileged function run by the user to execute code in the 
context of NT AUTHORITY\system, thereby escaping the sandbox. This vulnerability allowed cross-account access 
when using the Free/Shared tier.


Azure App Service RCE

David Yesland

If a user with AWS WorkSpaces 3.0.10-3.1.8 installed visits a page in their
web browser with attacker controlled content, the attacker can get zero click
RCE under common circumstances.


AWS Workspace client RCE

Karl Fosaaen

Automation Account 'Run as' credentials (PFX certificates) were being stored
in cleartext, in Azure Active Directory (AAD). These credentials were available
to anyone with the ability to read information about App Registrations (typically
most AAD users).


CredManifest (Azure AD keyCredential property information disclosure)

Amazon Elastic Kubernetes Service (EKS) uses IAM to provide authentication to the cluster through the AWS IAM Authenticator for Kubernetes (aws-iam-authenticator).
aws-iam-authenticator can be installed on any Kubernetes cluster, and it is installed by default in any EKS cluster both on AWS cloud and on-premises (Amazon EKS Anywhere).
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
The bug allowed an attacker to (1) craft a malicious token with any action value, (2) without signing the cluster ID, (3) that would manipulate the AccessKeyID value.
Essentially, in clusters using aws-iam-authenticator, if an {{AccessKeyID}} was mapped to an IAM user with cluster admin privileges, any non-privileged user could have escalated their privileges to cluster admin.


AWS IAM Authenticator for Kubernetes AccessKeyID Validation Bypass

The AWS VPN Client application is affected by an arbitrary file write as SYSTEM,
which can lead to privilege escalation and an information disclosure vulnerability
that allows the user's Net-NTLMv2 hash to be leaked via a UNC path in a VPN configuration file.


Privilege Escalation to SYSTEM in AWS VPN Client

Azure forces the install of an agent on Linux VMs, which contained a vulnerability that allowed privilege escalation
(note that this vulnerability is different than OMIGOD, which also resided in the OMI agent).


Azure Open Management Infrastructure (OMI) Elevation of Privilege

Matthias Gerstner

The Amazon SSM Agent (used for managing EC2 instances via Amazon Systems Manager) created a world-writable sudoers file,
which would have allowed local attackers to inject Sudo rules and escalate privileges to root.
This could occur in certain situations involving a race condition.


AWS SSM agent local privilege escalation

Aviv Sasson

A vulnerability in Service Fabric allows Linux containers to escalate their privileges in
order to gain root privileges on the node, and then compromise all of the nodes in the cluster.
An attacker would need to have read/write access to the cluster, and the vulnerability could be
exploited on containers that are configured to have runtime access, but this is granted by default
to every container. Though the bug exists in both the Windows and Linux versions, it is only
exploitable on Linux.


FabricScape (CVE-2022-30137) - Azure Service Fabric privilege escalation

Mike Brancato

Dataflow worker nodes ran an unauthenticated Java Management Extensions (JMX) service that under
certain circumstances would be exposed to the Internet, thus allowing unauthenticated remote code
execution (RCE) as root in an unprivileged container. The impact of the vulnerability depended on
which service account qA assigned to Dataflow worker nodes (by default, that would be the Google
Compute Engine default service account, which has the project-wide Editor role assigned).


Dataflow RCE via unauthenticated JMX service

Ignacio Dominguez

AWS CodeArtifact was susceptible to dependency confusion / substitution (i.e, publication of a
malicious package to a public repository with the same name as an organization’s internal package).
AWS fixed this issue by adding package origin controls, allowing users to limit how versions of a
given package can be added to a CodeArtifact repository.


Dependency confusion in AWS CodeArtifact

Imre Rad

Under certain conditions, an attacker can flood DHCP packets to the victim
VM, allowing it to impersonate the Metadata server, and grant themselves SSH access.


DHCP abuse for code exec

Johann Rehberger

XSS on EC2 web console

Andrea Brancaleoni

While testing rate-limiter protection, The researcher noticed that when forcing HTTP/1 requests and injecting 
a space after `X-Forwarded-For` he was able to override this specific header, letting him impersonate any IP.
Any internal header could have beem overridden, also the one that should not be exposed/forwarded by the
client, such as `CloudFront-Viewer-Country-Region` or any other `CloudFront` enhanced header. 
This special security issue was affecting all AWS users with that a specific setting enabled.


ELB Cache mechanism HTTP header smuggling

Kasif Dekel

Several cloud desktop solutions rely on a 3rd-party library called Eltima SDK to provide
USB over Ethernet capabilities, to allow users to connect and share local devices such as
webcams. SentinelLabs discovered vulnerabilities in Eltima drivers, including proprietary
versions used by several cloud services (among them AWS Workspaces), that would allow
unprivileged users to escalate privileges to kernel mode.


LPE vulnerability in Eltima (3rd-party cloud desktop driver)

Thai Duong (thaidn)

AWS KMS and all versions of AWS Encryption SDKs prior to version 2.0.0 were susceptible to
information leakage (an attacker could create ciphertexts that would leak the user’s AWS account ID,
encryption context, user agent, and IP address upon decryption), ciphertext forgery (an attacker could
create ciphertexts that were accepted by other users) and lack of robustness (an attacker could create
ciphertexts that decrypt to different plaintexts for different users).


Encryption SDK vulnerabilities

Sagi Tzadik, Nir Ohfeld, Shir Tamari, Ronen Shustin

A chain of critical vulnerabilities was discovered in Azure Database for PostgreSQL Flexible Server,
allowing unauthorized read access to other customers’ PostgreSQL databases, thus bypassing tenant isolation.
If exploited, a malicious actor could have replicated and gained read access to Azure PostgreSQL Flexible Server customer databases.


ExtraReplica

Karan Saini, Riyaz Walikar

Cloud Armor has a documented limitation of 8 KB as the maximum size of web
request that it will inspect. The default behavior of Cloud Armor in this case can allow
oversized malicious requests to bypass Cloud Armor and directly reach an underlying application.
Moreover, Cloud Armor does not warn users of this limitation during policy creation
or when configuring rules from within the web UI, and can only find a reference to
the 8 KB limit in the [Cloud Armor documentation](https://cloud.google.com/armor/docs/security-policy-overview).


Google Cloud Armor packet size bypass

Wouter ter Maat

Wouter ter Maat discovered 9 vulnerabilities in GCP Cloudshell that could
allow an attacker to access resources in another customer's environment. 


GCP Cloudshell Vulnerabilities

When the compute API is enabled on a GCP Project, the default compute account
is created. This account gets the primitive role Editor assigned by default, which
allows for a wide variety of privilege excalation and resource abuse in the project.
Especially, all new VMs created inherit this permissions by default. This issue
is arguably a technical decision by GCP, but the documents advise customers to
undo this.


GCP Default compute account is project Editor

Allison Donovan, Dylan Ayrey

Composer, Dataflow, Dataproc, Dataprep and Data Fusion all used the Compute Engine
default service account by default and relied on product-level IAM permissions
without requiring the iam.serviceAccount.actAs permission, meaning that users of
these services could elevate their privileges. Following disclosure, GCP changed
these services to require this permission.


IAM privilege escalation in multiple GCP services

Unknown

Convincing a victim to click a specially crafted link would allow the attacker
to bypass the Identity-Aware Proxy (a core component of BeyondCorp).


GCP IAP bypass

Kat Traxler

Allows an attacker with privileges in the account to share resources outside
of the account even when an org policy restricts this, thus enabling them to backdoor
their access.


Org policies bypass

Upon blocking a request, GCP Org policy constraints were logging the deny
logs in Principal''s project and the blocking project. An attacker could use those
logs to exfiltrate any data, by making request from a Principal they own from
a defender project.


Exfiltrate data via the logs of GCP Org policy

Chris Moberly

GCP provides an OS Login service for managing SSH access to compute instances using IAM roles.
An attacker could abuse this feature via LXD, Docker (if available on the target system) and
DHCP poisoning of the metadata server to escalate their privileges on a Google Compute Engine VM.


Privilege escalation in GCP OS Login

Unit 42 researchers disclosed several vulnerabilities and attack techniques in GKE Autopilot to Google, the root cause being insufficient verification of allowlisted workload image names. 
An attacker with permissions to create a pod could have abused these vulnerabilities to (1) escape their pod and compromise the underlying node, (2) escalate privileges and become full cluster administrators, 
and (3) covertly persist administrative access through backdoors that are completely invisible to cluster operators.


Autopilot node compromise via allowlisted workload masquerade

Bastien Chatelard

A bug in the GKE gVisor sandbox's network policy implementation allowed access to the Google Compute Engine metadata API.


GKE gVisor sandbox escape

GuardDuty detected CloudTrail being outright disabled, but did not detect if an attacker with the
necessary permissions filtered out all events from CloudTrail via PutEventSelectors, resulting in
defenders having no logs to review. AWS fixed this issue by adding a GuardDuty detection that
triggers if PutEventSelectors is used to disable all event types.


GuardDuty detection bypass via cloudtrail

AWS have released or changed managed IAM policies in unexpected and insecure ways.
Examples include: CheesepuffsServiceRolePolicy, AWSServiceRoleForThorInternalDevPolicy,
AWSCodeArtifactReadOnlyAccess.json, AmazonCirrusGammaRoleForInstaller. The worst
being the ReadOnlyAccess policy having almost all privileges removed and unexpected
ones added.


Lack of internal change controls for IAM managed policies

Multiple findings

AWS has previously provided managed policies or guidance in documentation
for policies with mistakes that allow them to be bypassed. Additionally,
some policies are over-privileged. Date of disclosure is for the first issue of
this type, while references provide other examples by various individuals.


The Open Cloud Vulnerability
& Security Issue Database

Tags:

Recently published

Azure Cloud Shell access token theft

Gafnit Amiga, Lightspin

AttachMe

Elad Gabay, Wiz

Synapse Spark LPE

Tzah Pahima, Orca Security

Cloud SQL escape to host

Shir Tamari, Nir Ohfeld, Sa...

S3 Replication only logs first destination bucket

Kat Traxler

Dependency confusion in AWS CodeArtifact

Ignacio Dominguez, Zego

The Open Cloud Vulnerability & Security Issue Database

Tags:

Recently published

Azure Cloud Shell access token theft

Gafnit Amiga, Lightspin

AttachMe

Elad Gabay, Wiz

Synapse Spark LPE

Tzah Pahima, Orca Security

Cloud SQL escape to host

Shir Tamari, Nir Ohfeld, Sa...

S3 Replication only logs first destination bucket

Kat Traxler

Dependency confusion in AWS CodeArtifact

Ignacio Dominguez, Zego

The Open Cloud Vulnerability
& Security Issue Database