low

AWS CodeBuild Token Leakage

Published Sat, Feb 25th, 2023

Platforms

Summary

An attacker with elevated permissions in CodeBuild could leak the configured credentials for Github/Bitbucket. This was possible by configuring the http_proxy and https_proxy variables, which would allow you to capture the credentials via MITM.

Affected Services

AWS CodeBuild

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://www.halborn.com/blog/post/halborn-discovers-and-discloses-vulnerability-in-aws-code-build https://cloud.hacktricks.xyz/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-codebuild-post-exploitation/aws-codebuild-token-leakage

Contributed by https://github.com/ramimac

Entry Status

Finalized

Disclosure Date

Wed, Jan 18th, 2023

Exploitability Period

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Carlos Polop, Halborn

More vulnerabilities...

critical

Azure AD B2C cryptographic flaw allowing account compromise

Azure Active Directory B2C service (AD B2C) mistakenly implemented RSA key authentication using the public part of the key pair instead of the private one. This cryptographic flaw could have allowe...

John Novak, PraetorianFeb 15, 2023

medium

Azure App Service on Azure Stack Hub privilege escalation

A privilege escalation vulnerability was discovered in Azure App Service on Azure Stack Hub (an on-prem private cloud offering). To exploit this vulnerability, an attacker must have access to the t...

Ruslan Sayfiev, Denis Faius...Feb 14, 2023

high

AWS EC2 Autoscaling Privilege Escalation Vulnerability

A privilege escalation vulnerability in Amazon EC2 Autoscaling was identified. The CreateLaunchConfiguration action lacked PassRole validation, allowing users to launch EC2 instances with unauthori...

Shubham Agrawal, FINRAFeb 14, 2023

View all