low

AWS package backfill attack

Published Sun, May 1st, 2022

Platforms

Summary

Two malicious versions were created of packages previously used by AWS. The packages were officially authored and maintained by AWS before they were removed by their legitimate author, and once the packages were removed, their names became available and the two packages were then populated with malicious code. If AWS-deployed software had any dependencies on these packages, this would have led to a dependency confusion attack.

Affected Services

N/A

Tracked CVEs

No tracked CVEs

References

https://www.mend.io/resources/blog/aws-targeted-by-a-package-backfill-attack/

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Sun, May 1st, 2022

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Mend Diffend

More vulnerabilities...

critical

ExtraReplica

A chain of critical vulnerabilities was discovered in Azure Database for PostgreSQL Flexible Server, allowing unauthorized read access to other customers’ PostgreSQL databases, thus bypassing tenan...

Sagi Tzadik, Nir Ohfeld, Sh...

Thu, Apr 28th, 2022

high

AWS SSM agent local privilege escalation

The Amazon SSM Agent (used for managing EC2 instances via Amazon Systems Manager) created a world-writable sudoers file, which would have allowed local attackers to inject Sudo rules and escalate p...

Matthias Gerstner, SUSE

Wed, Apr 20th, 2022

high

Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation

AWS's hotpatches for Log4shell worked as intended but introduced new container escape vulnerabilities.

Yuval Avrahami, Palo Alto

Tue, Apr 19th, 2022

View all