low

AWS package backfill attack

Published Sun, May 1st, 2022

Platforms

Summary

Two malicious versions were created of packages previously used by AWS. The packages were officially authored and maintained by AWS before they were removed by their legitimate author, and once the packages were removed, their names became available and the two packages were then populated with malicious code. If AWS-deployed software had any dependencies on these packages, this would have led to a dependency confusion attack.

Affected Services

N/A

Tracked CVEs

No tracked CVEs

References

https://www.mend.io/resources/blog/aws-targeted-by-a-package-backfill-attack/

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Sun, May 1st, 2022

Exploitability Period

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Mend Diffend

More vulnerabilities...

critical

ExtraReplica

A chain of critical vulnerabilities was discovered in Azure Database for PostgreSQL Flexible Server, allowing unauthorized read access to other customers’ PostgreSQL databases, thus bypassing tenan...

Sagi Tzadik, Nir Ohfeld, Sh...Apr 28, 2022

high

AWS SSM agent local privilege escalation

The Amazon SSM Agent (used for managing EC2 instances via Amazon Systems Manager) created a world-writable sudoers file, which would have allowed local attackers to inject Sudo rules and escalate p...

Matthias Gerstner, SUSEApr 20, 2022

high

Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation

AWS's hotpatches for Log4shell worked as intended but introduced new container escape vulnerabilities.

Yuval Avrahami, Palo AltoApr 19, 2022

View all