critical

BreakingFormation

Published Thu, Jan 13th, 2022
Platforms

Summary

Read access of host of AWS internal Cloudformation service via XXE SSRF. The level of access with the compromised IAM role from there is unclear.

Affected Services

CloudFormation

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Entry Status
Finalized
Disclosure Date
Thu, Sep 9th, 2021
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
9.46
(PI:1.5/A1:22/A2:1.1/A7:1.1/A8:1.1)
Discovered by
Tzah Pahima, Orca Security