medium

Lightsail object storage access keys logged

Published Thu, Aug 5th, 2021

Platforms

aws

Summary

Lightsail object storage allows the creation of access keys which were logged to CloudTrail (both access key and secret key)

Affected Services

Lightsail

Remediation

Roll access keys

Tracked CVEs

No tracked CVEs

References

https://summitroute.com/blog/2021/08/05/lightsail-object-storage-concerns-part-1/

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Thu, Aug 5th, 2021

Exploitability Period

-

Known ITW Exploitation

-

Detection Methods

None

Piercing Index Rating

-

Discovered by

Scott Piper, Summit Route

More vulnerabilities...

medium

DHCP abuse for code exec

gcp

Under certain conditions, an attacker can flood DHCP packets to the victim VM, allowing it to impersonate the Metadata server, and grant themselves SSH access.

Imre Rad
high

Privilege escalation on Dialogflow cloud platform

gcp

A privilege escalation vulnerability was discovered in Google's Dialogflow cloud platform. When downgrading a user's role from Developer to Reviewer, the permissions were not properly updated, allo...

lalka
low

Elastic Beanstalk - XSS in Web Console

aws

An adversary could gain access to IAM credentials in a victim's account, and make an API request to Elastic Beanstalk (even if they didn't have the proper IAM permissions). This request would be di...

Nick Frichette
View all