medium

Overprivileged AWS support IAM role policy

Published Wed, Dec 22nd, 2021

Platforms

Summary

AWS added an excessive s3:getObject permission to AWSSupportServiceRolePolicy IAM policy used by AWS Support teams, and removed it a day later.

Affected Services

N/A

Remediation

None required, though best practice would be to use KMS-CMK for bucket encryption and minimize privileges in resource policies.

Tracked CVEs

No tracked CVEs

References

https://aws.amazon.com/security/security-bulletins/AWS-2021-007/https://twitter.com/0xdabbad00/status/1473448889948598275

Contributed by https://github.com/z0ph

Entry Status

Finalized

Disclosure Date

Tue, Dec 21st, 2021

Exploitability Period

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Scott Piper, Summit Route

More vulnerabilities...

high

LPE vulnerability in Eltima (3rd-party cloud desktop driver)

Several cloud desktop solutions rely on a 3rd-party library called Eltima SDK to provide USB over Ethernet capabilities, to allow users to connect and share local devices such as webcams. SentinelL...

Kasif Dekel, SentinelOneDec 7, 2021

medium

AWS SageMaker Jupyter Notebook instance CSRF

AWS SageMaker Notebook server lacked a check of the Origin header that led to a CSRF vulnerability. An attacker could have read sensitive data and execute arbitrary actions in customer environments...

Gafnit Amiga, LightspinDec 2, 2021

high

CredManifest (Azure AD keyCredential property information disclosure)

Automation Account 'Run as' credentials (PFX certificates) were being stored in cleartext, in Azure Active Directory (AAD). These credentials were available to anyone with the ability to read infor...

Karl Fosaaen, NetSPINov 17, 2021

View all