Published Wed, Feb 19th, 2025
Platforms
The AWS solution 'Dynamic Image Transformation for Amazon CloudFront', prior to version 6.2.6, contains a configuration weakness. The Lambda function's IAM role does not constrain which S3 buckets it may read, and the SOURCE_BUCKET environment variable can be set to a wildcard, so the function can be made to serve objects from any bucket the role can reach. This could lead to unintended access to sensitive images across multiple buckets in the AWS account.
Dynamic Image Transformation for Amazon CloudFront, AWS Serverless Image Handler
Upgrade to version 6.2.6 or later of the AWS Serverless Image Handler. Ensure that the SOURCE_BUCKET variable is set to specific bucket names and not wildcards. Review and restrict IAM policies for Lambda functions to access only necessary S3 buckets.
No tracked CVEs
Contributed by https://github.com/korniko98
Entry Status
Stub (AI-Generated)
Disclosure Date
-
Exploitability Period
Until 6.2.6
Known ITW Exploitation
-
Detection Methods
Check the version of AWS Serverless Image Handler in use. Review Lambda function configurations, particularly the SOURCE_BUCKET environment variable and IAM roles. Audit S3 bucket access logs for unexpected access patterns from Lambda functions associated with this service.
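The two configuration checks above (a wildcard in SOURCE_BUCKET, and an IAM policy that grants S3 access beyond the listed buckets) can be run offline against the function's configuration once it has been exported. The following is an added example, not code from AWS or from the Serverless Image Handler project; the `SAMPLE_WEAK` and `SAMPLE_FIXED` dictionaries are constructed, and the `"Policy"` key is an assumed shape for holding the role's policy document next to the Lambda environment (in a real account the environment comes from `aws lambda get-function-configuration` and the policy from IAM).

```python
"""Offline audit of a Lambda configuration for the SOURCE_BUCKET weakness.

Added example (not AWS or project code). Two checks:
  1. SOURCE_BUCKET must list concrete bucket names, never a wildcard.
  2. The role's S3 statements must only name those buckets (least privilege).
Sample configurations below are constructed for illustration.
"""

WILDCARD_CHARS = ("*", "?")  # any of these in a bucket name means "every bucket"


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def parse_source_buckets(env: dict):
    """Return (concrete_bucket_names, findings) from the SOURCE_BUCKET variable."""
    findings, buckets = [], set()
    raw = env.get("SOURCE_BUCKET")
    if raw is None:
        return buckets, ["SOURCE_BUCKET is not set"]
    for name in (n.strip() for n in raw.split(",")):
        if not name:
            continue
        if any(c in name for c in WILDCARD_CHARS):
            findings.append(f"SOURCE_BUCKET contains wildcard entry '{name}'")
        else:
            buckets.add(name)
    return buckets, findings


def s3_policy_findings(policy: dict, allowed_buckets) -> list:
    """Flag Allow statements whose S3 resources are unconstrained or off-list."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if not any(a == "*" or a.startswith("s3:") for a in actions):
            continue  # statement does not touch S3
        for res in _as_list(stmt.get("Resource")):
            # "arn:aws:s3:::<bucket>" or "arn:aws:s3:::<bucket>/<key>"; bare "*" is everything.
            bucket = "*" if res == "*" else res.removeprefix("arn:aws:s3:::").split("/", 1)[0]
            if any(c in bucket for c in WILDCARD_CHARS):
                findings.append(f"IAM statement allows {actions} on unconstrained resource '{res}'")
            elif bucket not in allowed_buckets:
                findings.append(f"IAM statement grants access to bucket '{bucket}' not listed in SOURCE_BUCKET")
    return findings


def audit(config: dict) -> list:
    """Combine both checks for one exported function configuration."""
    env = config.get("Environment", {}).get("Variables", {})
    allowed, findings = parse_source_buckets(env)
    findings += s3_policy_findings(config.get("Policy", {}), allowed)
    return findings


# Constructed sample: the weak configuration the entry describes.
SAMPLE_WEAK = {
    "Environment": {"Variables": {"SOURCE_BUCKET": "*"}},
    "Policy": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
             "Resource": "arn:aws:s3:::*"},
        ],
    },
}

# Constructed sample: explicit bucket list and a role scoped to exactly those buckets.
SAMPLE_FIXED = {
    "Environment": {"Variables": {"SOURCE_BUCKET": "images-prod,images-staging"}},
    "Policy": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
             "Resource": ["arn:aws:s3:::images-prod", "arn:aws:s3:::images-prod/*",
                          "arn:aws:s3:::images-staging", "arn:aws:s3:::images-staging/*"]},
        ],
    },
}

if __name__ == "__main__":
    for label, cfg in (("weak", SAMPLE_WEAK), ("fixed", SAMPLE_FIXED)):
        print(label, audit(cfg) or "no findings")
```

The second check is the one that matters after the upgrade: even with SOURCE_BUCKET set to explicit names, a role whose Resource is `arn:aws:s3:::*` still leaves the function able to read every bucket, so both the variable and the policy need to agree on the same short list.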
Piercing Index Rating
-
Discovered by
Karim El-Melhaoui, O3 Cyber AS