low

AWS CodeBuild Token Leakage

Published Sat, Feb 25th, 2023

Platforms

Summary

An attacker with elevated permissions in CodeBuild could leak the configured credentials for Github/Bitbucket. This was possible by configuring the http_proxy and https_proxy variables, which would allow you to capture the credentials via MITM.

Affected Services

AWS CodeBuild

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://www.halborn.com/blog/post/halborn-discovers-and-discloses-vulnerability-in-aws-code-build https://cloud.hacktricks.xyz/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-codebuild-post-exploitation/aws-codebuild-token-leakage

Contributed by https://github.com/ramimac

Entry Status

Finalized

Disclosure Date

Wed, Jan 18th, 2023

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Carlos Polop, Halborn

More vulnerabilities...

medium

Overprivileged CodeBuild default ECR IAM policy

For AWS CodeBuild, when using a custom container image stored in ECR and the project service role for the credentials to pull the image, the default IAM policy attached to the role to allow pulli...

Will Deane, ASX Consulting

Sat, Feb 25th, 2023

medium

Overprivileged CodeBuild default ECR IAM policy

For AWS CodeBuild, when using a custom container image stored in ECR and the project service role for the credentials to pull the image, the default IAM policy attached to the role to allow pulli...

Will Deane, ASX Consulting

Sat, Feb 25th, 2023

low