low

AWS CodeBuild Token Leakage

Published Sat, Feb 25th, 2023

Platforms

Summary

An attacker with elevated permissions in CodeBuild could leak the configured credentials for Github/Bitbucket. This was possible by configuring the http_proxy and https_proxy variables, which would allow you to capture the credentials via MITM.

Affected Services

AWS CodeBuild

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://www.halborn.com/blog/post/halborn-discovers-and-discloses-vulnerability-in-aws-code-build https://cloud.hacktricks.xyz/pentesting-cloud/aws-pentesting/aws-post-exploitation/aws-codebuild-post-exploitation/aws-codebuild-token-leakage

Contributed by https://github.com/ramimac

Entry Status

Finalized

Disclosure Date

Wed, Jan 18th, 2023

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Carlos Polop, Halborn

More vulnerabilities...

critical

Azure AD B2C cryptographic flaw allowing account compromise

Azure Active Directory B2C service (AD B2C) mistakenly implemented RSA key authentication using the public part of the key pair instead of the private one. This cryptographic flaw could have allowe...

John Novak, Praetorian

Wed, Feb 15th, 2023

medium

Azure App Service on Azure Stack Hub privilege escalation

A privilege escalation vulnerability was discovered in Azure App Service on Azure Stack Hub (an on-prem private cloud offering). To exploit this vulnerability, an attacker must have access to the t...

Ruslan Sayfiev, Denis Faius...

Tue, Feb 14th, 2023

medium

AWS Console rate limit bypass

AWS applies a rate limit to authentication requests made to the AWS Console in an effort to prevent brute-force and credential stuffing attacks. However, a weakness was discovered in the AWS Consol...

Christophe Tafani-Dereeper,...

Mon, Feb 6th, 2023

View all