high

Unauthorized Access to AWS Account Findings in Microsoft Defender for Cloud

Published Mon, Jul 15th, 2024

Platforms

azure

Summary

Microsoft Defender for Cloud at one point provided customers with a flawed configuration template through their public GitHub repository. This template creates resources in the customer's AWS account so that Microsoft Defender for Cloud can scan it. In the rare cases in which this template was deployed, under certain, limited circumstances, Defender for Cloud's security findings for these AWS accounts could be disclosed to unauthorized third parties.

Affected Services

Microsoft Defender for Cloud

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://www.linkedin.com/pulse/confused-deputy-vulnerability-microsoft-defender-cloud-brandon-evans-9fyge/

Contributed by https://github.com/BrandonE

Entry Status

-

Disclosure Date

Wed, Feb 7th, 2024

Exploitability Period

Prior to 2024/03/07

Known ITW Exploitation

-

Detection Methods

None

Piercing Index Rating

-

Discovered by

Brandon Evans, Eric Johnson

More vulnerabilities...

low

GCP HMAC Keys are not discoverable or revokable other than for self

gcp

GCP administrators face challenges in managing HMAC keys within their organizations, lacking visibility into which user accounts have generated these keys and whether they are actively being used...

Kat Traxler, Vectra AI
low

GCP HMAC Keys do not log creation, deletion or usage

gcp

Cloud Audit Logs do not capture actions mediated through the cloud console private API service (cloudconsole-pa). Consequently, there is no logging of HMAC key creation or deletion linked to user...

Kat Traxler, Vectra AI

Azure Machine Learning SSRF

azure
Tenable, Wiz
View all