low

CloudTrail S3 data events leak bucket Account ID

Published Mon, Jul 27th, 2020
Platforms

Summary

Using CloudTrail S3 data events, it was possible to determine the AWS account ID of any existing S3 bucket by calling any S3 API, getting denied, and looking at the value in the resource key in error message that showed up in CloudTrail.

Affected Services

S3

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Mon, Jul 27th, 2020
Exploitablity Period
until 2022/07/08
Known ITW Exploitation
-
Detection Methods
-
Discovered by
Jonathan Rault, TrustOnCloud