low

Codebuild data exfiltration

Published Thu, Feb 3rd, 2022
Platforms

Summary

When customers attach a CodeBuild project to their VPC, CodeBuild’s build container will apply the same network routing rules as defined in the customer’s VPC Security Group. However, CodeBuild EC2 hosts retained Internet connectivity via AWS's own VPC, thus allowing an attacker to bypass any custom VPC rules the customer had set up, and use CodeBuild for data exfiltration from the targeted environment. AWS later updated the CodeBuild service to block all outbound network access for newly created CodeBuild projects which contain a customer-defined VPC configuration.

Affected Services

N/A

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Thu, Feb 3rd, 2022
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Discovered by
Aidan Steele, null