medium

CloudTrail bypass for AWS Service Catalog

Published Sun, Mar 19th, 2023

Platforms

Summary

Due to an exposed development endpoint, it was possible to bypass CloudTrail logging for both read and write API actions for the Service Catalog service. This could have enabled adversaries to alter Service Catalog resources undetected after gaining a foothold in a victim AWS environment.

Affected Services

Service Catalog

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://securitylabs.datadoghq.com/articles/bypass-cloudtrail-aws-service-catalog-and-other/

Contributed by https://github.com/frichetten

Disclosure Date

Mon, Jan 30th, 2023

Exploitablity Period

Until 2023/02/07

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Nick Frichette, Datadog

More vulnerabilities...

medium

Super FabriXss

Azure Service Fabric Explorer (SFX) was affected by an XSS vulnerability that could have allowed a malicious script to be reflected off a web application. After a potential victim clicked on a craf...

Lidor Ben Shitrit, Orca Sec...

Tue, Mar 14th, 2023

medium

Overprivileged CodeBuild default ECR IAM policy

For AWS CodeBuild, when using a custom container image stored in ECR and the project service role for the credentials to pull the image, the default IAM policy attached to the role to allow pulli...

Will Deane, ASX Consulting

Sat, Feb 25th, 2023

critical

Azure AD B2C cryptographic flaw allowing account compromise

Azure Active Directory B2C service (AD B2C) mistakenly implemented RSA key authentication using the public part of the key pair instead of the private one. This cryptographic flaw could have allowe...

John Novak, Praetorian

Wed, Feb 15th, 2023

View all