low

Elastic Beanstalk - XSS in Web Console

Published Thu, Jun 3rd, 2021

Platforms

Summary

An adversary could gain access to IAM credentials in a victim's account, and make an API request to Elastic Beanstalk (even if they didn't have the proper IAM permissions). This request would be displayed in the management console in the Elastic Beanstalk section. Due to improper sanitization, an attacker could insert an XSS payload that would execute in a victim's browser.

Affected Services

AWS Management Console

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://twitter.com/Frichette_n/status/1400517723910819844 https://frichetten.com/blog/xss_in_aws_console/

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Sat, Mar 13th, 2021

Exploitability Period

March 2021 - June 2021

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Nick Frichette

More vulnerabilities...

critical

OMIGOD

Azure forces the install of an agent on Linux VMs, which contained a vulnerability that would grant root RCE if an attacker could send a web request to them. Initially, Microsoft did not update the...

Nir Ohfeld, WizJun 1, 2021

high

Password Reset Code Brute-Force Vulnerability in AWS Cognito

A vulnerability in AWS Cognito's password reset function allowed attackers to brute-force the six-digit reset code, potentially leading to account takeovers. Using concurrent HTTP requests, an atta...

Tobias Ospelt, Pentagrid AGApr 30, 2021

medium

Privilege escalation in GCP OS Login

GCP provides an OS Login service for managing SSH access to compute instances using IAM roles. An attacker could abuse this feature via LXD, Docker (if available on the target system) and DHCP pois...

Chris MoberlyMar 17, 2021

View all