low

CloudTrail S3 data events leak bucket Account ID

Published Mon, Jul 27th, 2020
Platforms

Summary

Using CloudTrail S3 data events, it was possible to determine the AWS account ID of any existing S3 bucket by calling any S3 API, getting denied, and looking at the value in the resource key in error message that showed up in CloudTrail.

Affected Services

S3

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Contributed by https://github.com/jon-trust
Entry Status
Finalized
Disclosure Date
Mon, Jul 27th, 2020
Exploitablity Period
until 2022/07/08
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Jonathan Rault, TrustOnCloud

More vulnerabilities...

low

CloudTrail S3 data events leak bucket Account ID

Using CloudTrail S3 data events, it was possible to determine the AWS account ID of any existing S3 bucket by calling any S3 API, getting denied, and looking at the value in the resource key in err...

...
Jonathan Rault, TrustOnCloud

low

CloudTrail S3 data events leak bucket Account ID

Using CloudTrail S3 data events, it was possible to determine the AWS account ID of any existing S3 bucket by calling any S3 API, getting denied, and looking at the value in the resource key in err...

...
Jonathan Rault, TrustOnCloud

low

CloudTrail S3 data events leak bucket Account ID

Using CloudTrail S3 data events, it was possible to determine the AWS account ID of any existing S3 bucket by calling any S3 API, getting denied, and looking at the value in the resource key in err...

...
Jonathan Rault, TrustOnCloud

View all