low

CloudTrail S3 data events leak bucket Account ID

Published Mon, Jul 27th, 2020

Platforms

Summary

Using CloudTrail S3 data events, it was possible to determine the AWS account ID of any existing S3 bucket by calling any S3 API, getting denied, and looking at the value in the resource key in error message that showed up in CloudTrail.

Affected Services

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://twitter.com/trustoncloud/status/1549005011463446528 https://github.com/trustoncloud/threatmodel-for-aws-s3

Contributed by https://github.com/jon-trust

Entry Status

Finalized

Disclosure Date

Mon, Jul 27th, 2020

Exploitablity Period

until 2022/07/08

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Jonathan Rault, TrustOnCloud

More vulnerabilities...

low

XSS on EC2 web console

Display of EC2 tags had XSS

Johann Rehberger

Wed, Jul 1st, 2020

medium

GKE and EKS CAP_NET_RAW metadata service MITM root privilege escalation

An attacker with access to a hostNetwork=true container with CAP_NET_RAW capability can listen to all the traffic going through the host and inject arbitrary traffic, allowing to tamper with most u...

Etienne Champetier

Mon, Jun 15th, 2020

high

RCE in Google Cloud Deployment Manager

An RCE in Google Cloud Deployment Manager could have allowed an attacker to make requests to internal Google services, authenticated as a privileged service account.

Ezequiel Pereira

Thu, May 21st, 2020

View all