high

IAM Policy Flaw Allowed Unauthorized Access to Bedrock Models

Published Sun, Mar 24th, 2024

Platforms

Summary

TrustOnCloud identified a flaw in how AWS Bedrock enforces IAM access controls using the aws-marketplace:ProductId condition key, which is meant to restrict subscriptions to specific foundation models. Their testing revealed that some Bedrock models, including those from Cohere and Stability AI, were not consistently blocked or allowed as intended by IAM policies, posing potential compliance and cost risks. AWS acknowledged and fixed the issue, notifying affected customers and updating testing procedures to prevent future issues.

Affected Services

AWS Bedrock

Remediation

null

Tracked CVEs

No tracked CVEs

References

https://trustoncloud.com/blog/exposing-the-weakness-how-we-identified-a-flaw-in-bedrocks-foundation-model-access-control/

Contributed by https://github.com/mer-b

Entry Status

Finalized

Disclosure Date

Mon, Jan 15th, 2024

Exploitability Period

Until March 17th, 2024

Known ITW Exploitation

Detection Methods

null

Piercing Index Rating

Discovered by

Carlos Mora, TrustOnCloud

More vulnerabilities...

high

FlowFixation

A flaw in Amazon Managed Workflows for Apache Airflow (MWAA) could have allowed potential session hijacking and remote code execution. The issue stemmed from a combination of session fixation in th...

Liv Matan, TenableMar 21, 2024

medium

Synapse Analytics privilege escalation via intelligent caching

Tenable Research discovered a privilege escalation flaw that allows a user to escalate privileges to that of the root user within the context of a Spark VM. This escalation was achieved because of...

Jimi Sebree, TenableMar 7, 2024

high

Azure Site Recovery privilege escalation

When the ASR service is enabled, it uses an Automation Account with a System-Assigned Managed Identity to manage Site Recovery extensions on VMs. However, the Runbook (a set of scripts for managing...

Joshua Murrell, NetSPIFeb 13, 2024

View all