low

Enumeration of Privileges Without Being Logged to CloudTrail

Published Sat, Oct 17th, 2020

Platforms

aws

Summary

An attacker who gained access to IAM credentials could enumerate a subset of the privileges they had access to without logging to CloudTrail. This would allow them to perform the typically noisy permission enumeration process undetected.

Affected Services

CloudTrail

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://frichetten.com/blog/aws-api-enum-vuln/https://github.com/Frichetten/aws-stealth-perm-enum

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Wed, Sep 2nd, 2020

Exploitability Period

until 2021/05/18

Known ITW Exploitation

-

Detection Methods

None

Piercing Index Rating

-

Discovered by

Nick Frichette

More vulnerabilities...

medium

AI Hub Jupyter Notebook instance CSRF

gcp

AI Hub Jupyter Notebook server lacked a check of the Origin header that led to a CSRF vulnerability. An attacker could have read sensitive data and execute arbitrary actions in customer environments.

s1r1us
low

Lack of internal change controls for IAM managed policies

aws

AWS have released or changed managed IAM policies in unexpected and insecure ways. Examples include: CheesepuffsServiceRolePolicy, AWSServiceRoleForThorInternalDevPolicy, AWSCodeArtifactReadOnlyAcc...

Anonymous discoverer
low

Multiple issues in AWS IAM Authenticator for Kubernetes

aws

Amazon Elastic Kubernetes Service (EKS) uses IAM to provide authentication to the cluster through the AWS IAM Authenticator for Kubernetes (aws-iam-authenticator). Multiple issues were identified i...

Felix Wilhelm, Google
View all