high

CloudShell Vulnerability Grants Unintended AWS Access

Published Tue, Oct 15th, 2024
Platforms

Summary

A vulnerability in AWS CloudShell allowed users to gain unintended command-line access to the underlying AWS infrastructure. During a training session, a delegate unexpectedly received the identity context of an EC2 instance role within an ECS cluster, instead of the intended AWS account. This issue potentially bypassed existing controls aimed at preventing lateral movement and access to higher-privileged management roles.

Affected Services

CloudShell

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Entry Status
Stub (AI-Generated)
Disclosure Date
Tue, Jul 30th, 2024
Exploitability Period
Until 2024/08/30
Known ITW Exploitation
-
Detection Methods
Users can detect unexpected access by running 'aws sts get-caller-identity' in CloudShell and comparing the returned account ID and ARN with the IAM user or role the session is expected to run as.
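As an added illustration of that check (example code, not part of the advisory), the script below compares the JSON that 'aws sts get-caller-identity' prints with the account and principal a CloudShell session is expected to run as, and flags anything else, such as an instance role in a different account. All account IDs, role names and session names are constructed placeholders.

```python
import json

# Constructed sample outputs of `aws sts get-caller-identity` (placeholder
# IDs, not values from the advisory). The first is the identity a delegate
# expects; the second models an unexpected instance-role context.
EXPECTED_IDENTITY = json.dumps({
    "UserId": "AROAEXAMPLEID:delegate-session",
    "Account": "111111111111",
    "Arn": "arn:aws:sts::111111111111:assumed-role/TrainingDelegateRole/delegate-session",
})
UNEXPECTED_IDENTITY = json.dumps({
    "UserId": "AROAEXAMPLEOTHER:i-0abc",
    "Account": "222222222222",
    "Arn": "arn:aws:sts::222222222222:assumed-role/ecsInstanceRole/i-0abc",
})


def parse_arn_principal(arn):
    """Return (account, principal_type, principal_name) from an IAM/STS ARN.

    Resource part looks like 'assumed-role/Name/session' or 'user/Name'.
    """
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError("not an ARN: %r" % arn)
    account, resource = parts[4], parts[5]
    ptype, _, rest = resource.partition("/")
    name = rest.split("/", 1)[0]  # drop the session name, keep the role/user
    return account, ptype, name


def check_caller_identity(identity_json, expected_account, expected_principals):
    """Compare get-caller-identity output with the expected account and
    set of (principal_type, principal_name) pairs. Returns (ok, reason)."""
    ident = json.loads(identity_json)
    account, ptype, name = parse_arn_principal(ident["Arn"])
    if ident.get("Account") != expected_account or account != expected_account:
        return False, "account %s differs from expected %s" % (account, expected_account)
    if (ptype, name) not in expected_principals:
        return False, "principal %s/%s is not an expected principal" % (ptype, name)
    return True, "identity matches expectation"


if __name__ == "__main__":
    # Usage: aws sts get-caller-identity | python3 check.py <account-id> <role-name>
    import sys
    ok, reason = check_caller_identity(
        sys.stdin.read(), sys.argv[1], {("assumed-role", sys.argv[2])})
    print(("OK: " if ok else "MISMATCH: ") + reason)
    sys.exit(0 if ok else 1)
```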
Piercing Index Rating
-
Discovered by
Paul Schwarzenberger