critical

BreakingFormation

Published Thu, Jan 13th, 2022

Platforms

Summary

Read access of host of AWS internal Cloudformation service via XXE SSRF. The level of access with the compromised IAM role from there is unclear.

Affected Services

CloudFormation

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://orca.security/resources/blog/aws-cloudformation-vulnerability/https://orca.security/resources/blog/breakingformation-technical-vulnerability-walkthrough/https://aws.amazon.com/security/security-bulletins/AWS-2022-001/

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Thu, Sep 9th, 2021

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

9.46

(PI:1.5/A1:22/A2:1.1/A7:1.1/A8:1.1)

Discovered by

Tzah Pahima, Orca Security

More vulnerabilities...

AWS AI services ToS allow sharing of customer data

Use of the AI services on AWS allows customer data to be moved outside of the regions it is used in and potentially shared with third-parties. Note: This issue is outside the scope of this database...

Ben Bridts

Thu, Jan 6th, 2022

medium

Google Cloud Shell command injection

A vulnerability was discovered in Cloud Shell that enabled command injection and remote shell access. The "Open in Cloud Shell" functionality allowed a user to provide values for both the "git_repo...

Ademar Nowasky Junior

Tue, Dec 28th, 2021

low

Dataflow RCE via unauthenticated JMX service

Dataflow worker nodes ran an unauthenticated Java Management Extensions (JMX) service that under certain circumstances would be exposed to the Internet, thus allowing unauthenticated remote code ex...

Mike Brancato

Tue, Dec 28th, 2021

View all