medium

CloudTrail bypass for AWS Service Catalog

Published Sun, Mar 19th, 2023

Platforms

Summary

Due to an exposed development endpoint, it was possible to bypass CloudTrail logging for both read and write API actions for the Service Catalog service. This could have enabled adversaries to alter Service Catalog resources undetected after gaining a foothold in a victim AWS environment.

Affected Services

Service Catalog

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://securitylabs.datadoghq.com/articles/bypass-cloudtrail-aws-service-catalog-and-other/

Contributed by https://github.com/frichetten

Entry Status

Finalized

Disclosure Date

Mon, Jan 30th, 2023

Exploitablity Period

Until 2023/02/07

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Nick Frichette, Datadog

More vulnerabilities...

medium

Super FabriXss

Azure Service Fabric Explorer (SFX) was affected by an XSS vulnerability that could have allowed a malicious script to be reflected off a web application. After a potential victim clicked on a craf...

Lidor Ben Shitrit, Orca Sec...

Tue, Mar 14th, 2023

medium

Overprivileged CodeBuild default ECR IAM policy

For AWS CodeBuild, when using a custom container image stored in ECR and the project service role for the credentials to pull the image, the default IAM policy attached to the role to allow pulli...

Will Deane, ASX Consulting

Sat, Feb 25th, 2023

low

AWS CodeBuild Token Leakage

An attacker with elevated permissions in CodeBuild could leak the configured credentials for Github/Bitbucket. This was possible by configuring the http_proxy and https_proxy variables, which wou...

Carlos Polop, Halborn

Sat, Feb 25th, 2023

View all