medium

Bedrock API Logging Issue

Published Thu, Dec 12th, 2024

Platforms

Summary

Sysdig's Threat Research Team discovered an issue with Amazon Bedrock API logging in CloudTrail. Failed API calls were logged as successful without error codes, hindering detection efforts and potentially generating false positives. The issue affected Bedrock Runtime APIs, specifically InvokeModel and Converse. AWS resolved the problem.

Affected Services

Amazon Bedrock, CloudTrail

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://sysdig.com/blog/bedrock-slip-sysdig-trt-discovers-cloudtrail-logging-missteps/

Contributed by https://github.com/mer-b

Entry Status

Finalized

Disclosure Date

Wed, Jul 17th, 2024

Exploitability Period

Until 2024/08/09

Known ITW Exploitation

Detection Methods

null

Piercing Index Rating

Discovered by

Alessandro Brucato, Sysdig

More vulnerabilities...

high

Code Execution in Azure API Management Developer Portal

A vulnerability in Azure API Management Developer Portal allows arbitrary code execution and secret exfiltration. The issue stems from a workflow that loads untrusted data from opened issues, poten...

Alvaro Munoz, GitHub Securi...Dec 11, 2024

high

ModeLeak: LLM Model Exfiltration Vulnerability in Vertex AI

A vulnerability in GCP's Vertex AI service allows privilege escalation and unauthorized access to sensitive LLM models. Attackers can exfiltrate these models by exploiting misconfigurations in acce...

Ofir Balassiano, Ofir Shaty...Nov 12, 2024

high

Sketchy Cheat Sheet

Multiple vulnerabilities were discovered in Google's Cloud Architecture Diagramming Tool, including XSS, unauthorized access to user data, and misconfigured storage buckets. The issues allowed acce...

Jakub Domeracki, EgnyteNov 9, 2024

View all