low

AWS AppStream Cloudtrail Bypass

Published Mon, Sep 11th, 2023
Platforms

Summary

Credentials can be extracted from AppStream. When used, they obscure the sourceIP and userName of the initial user. The sourceIP appears as appstream.amazonaws.com.

Affected Services

AppStream

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Entry Status
Finalized
Disclosure Date
Mon, Sep 11th, 2023
Exploitablity Period
ongoing
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Saransh Rana, CRED