high

Non-Production AWS Endpoints as Attack Surface

Published Tue, May 28th, 2024

Platforms

Summary

Researchers identified non-production AWS API endpoints that could be abused for defense evasion, including silent permission enumeration, accessing account data without logging, and partially bypassing CloudTrail. AWS has remediated specific issues but thousands of such endpoints may exist.

Affected Services

ECR, Cost Explorer, Route 53 Resolver, IVS

Remediation

None required. AWS has remediated the specific vulnerabilities disclosed.

Tracked CVEs

No tracked CVEs

References

https://securitylabs.datadoghq.com/articles/non-production-endpoints-as-an-attack-surface-in-aws/

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Tue, Jun 27th, 2023

Exploitability Period

2023/06/27 - 2024/05/27

Known ITW Exploitation

Detection Methods

Monitor for API calls to non-standard AWS endpoints. Review CloudTrail logs for unusual event sources or missing expected events.

Piercing Index Rating

Discovered by

Nick Frichette, Datadog Security Labs

More vulnerabilities...

Internal Azure Container Registry writable via exposed secret

A Microsoft employee accidentally published credentials via a git commit to a public repository. These credentials granted privileged access to an internal Azure Container Registry (ACR) used by Az...

Yakir Kadkoda, Assaf Morag,...May 16, 2024

critical

Lethal Injection

Multiple vulnerabilities were uncovered in Azure Health Bot service, Microsoft's health chatbot platform. These could have potentially exposed sensitive user data and granted attackers extensive co...

Yanir Tsarimi, BreachproofMay 7, 2024

medium

GraphNinja

A vulnerability in Microsoft Graph allowed attackers to conduct password-spray attacks without detection. The issue involved switching the 'common' authentication endpoint with that of an unrelated...

Nyx Geek, TrustedSecApr 29, 2024

View all