AWS CDK Vulnerabilities Let Attackers Gain Admin Access to AWS Accounts
- Source: Vulnerability (cybersecuritynews.com)
Author: Guru Baran
Security researchers from Aquasec recently discovered a critical vulnerability in the AWS Cloud Development Kit (CDK) that could allow attackers to gain full administrative access to targeted AWS accounts.
The issue, reported to AWS in June 2024, affects CDK users who have used version v2.148.1 or earlier.
The vulnerability stems from the predictable naming convention used by AWS CDK when creating resources during the bootstrapping process.
If a user deletes the staging bucket created during bootstrapping, an attacker can claim the bucket by creating one with the same name in their own account.
When the victim runs cdk deploy, their CDK instance will trust the attacker-controlled bucket and write CloudFormation templates to it.
The attacker can then modify these templates, injecting malicious resources such as an admin role they can assume.
Figure: AWS CDK Attack Chain (Source: Aquasec)
Since the victim’s CloudFormation service deploys resources with administrative privileges by default, the backdoored template is executed in the victim’s account, granting the attacker full control.
Research covering over 38,000 well-known account IDs revealed that approximately 1% of CDK users were susceptible to this attack vector.
Out of 782 accounts identified as having CDK installed, 81 (10%) were vulnerable due to missing staging buckets.
AWS has released fixes starting from CDK version v2.149.0, adding conditions to ensure roles only trust buckets within the user’s account.
However, users of older versions must take action by upgrading and re-running the cdk bootstrap command.
Security experts recommend treating AWS account IDs as sensitive information, using conditions in IAM policies to restrict access to trusted resources, and avoiding predictable S3 bucket names.
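The account-scoping condition described in the two paragraphs above, as an added example that is not code from the article, Aquasec or AWS: a Python check that flags IAM Allow statements granting S3 data access without a StringEquals condition on aws:ResourceAccount. It assumes that global condition key is the one used for the restriction; the account ID, bucket name, policy documents and function names are constructed for illustration.

```python
import fnmatch

# S3 actions a deployment role uses to read or write staged assets.
S3_DATA_ACTIONS = ("s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket")

def _as_list(value):
    """IAM accepts a single string or a list for Action and condition values."""
    return [value] if isinstance(value, str) else list(value or [])

def _grants_s3_data(stmt):
    patterns = [p.lower() for p in _as_list(stmt.get("Action"))]
    return any(fnmatch.fnmatchcase(a.lower(), p) for a in S3_DATA_ACTIONS for p in patterns)

def _pinned_to_account(stmt, account_id):
    """True only if StringEquals on aws:ResourceAccount (case-insensitive key) permits exactly account_id."""
    for operator, keys in (stmt.get("Condition") or {}).items():
        if operator.lower() != "stringequals":
            continue
        for key, value in keys.items():
            if key.lower() == "aws:resourceaccount" and _as_list(value) == [account_id]:
                return True
    return False

def unpinned_s3_statements(policy, account_id):
    """Sid (or index) of each Allow statement granting S3 data access not pinned to account_id."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return [
        stmt.get("Sid", str(i))
        for i, stmt in enumerate(stmts)
        if stmt.get("Effect") == "Allow"
        and _grants_s3_data(stmt)
        and not _pinned_to_account(stmt, account_id)
    ]

# Constructed sample data: placeholder account ID and bucket name.
ACCOUNT_ID = "111122223333"
WEAK = {"Version": "2012-10-17", "Statement": [{
    "Sid": "StagingBucketAccess", "Effect": "Allow",
    "Action": ["s3:GetObject*", "s3:PutObject*", "s3:List*"],
    "Resource": ["arn:aws:s3:::example-staging-bucket", "arn:aws:s3:::example-staging-bucket/*"],
}]}
HARDENED = {"Version": "2012-10-17", "Statement": [{
    **WEAK["Statement"][0],
    "Condition": {"StringEquals": {"aws:ResourceAccount": ACCOUNT_ID}},
}]}

if __name__ == "__main__":
    print(unpinned_s3_statements(WEAK, ACCOUNT_ID), unpinned_s3_statements(HARDENED, ACCOUNT_ID))
```

A statement pinned to a different account ID than the one passed in is reported as well, so the check also catches a condition copied from another environment.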
This discovery highlights the importance of staying updated with the latest security patches and following best practices when using cloud infrastructure tools like AWS CDK.
As more organizations adopt Infrastructure as Code (IaC) practices, it is crucial to remain vigilant against potential vulnerabilities that could lead to costly breaches.