high

Unauthorized Access to AWS Account Findings in Microsoft Defender for Cloud

Published Mon, Jul 15th, 2024

Platforms

Summary

Microsoft Defender for Cloud at one point provided customers with a flawed configuration template through their public GitHub repository. This template creates resources in the customer's AWS account so that Microsoft Defender for Cloud can scan it. In the rare cases in which this template was deployed, under certain, limited circumstances, Defender for Cloud's security findings for these AWS accounts could be disclosed to unauthorized third parties.

Affected Services

Microsoft Defender for Cloud

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://www.linkedin.com/pulse/confused-deputy-vulnerability-microsoft-defender-cloud-brandon-evans-9fyge/

Contributed by https://github.com/BrandonE

Entry Status

Disclosure Date

Wed, Feb 7th, 2024

Exploitablity Period

Prior to 2024/03/07

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Brandon Evans, Eric Johnson

More vulnerabilities...

low

GCP HMAC Keys are not discoverable or revokable other than for self

GCP administrators face challenges in managing HMAC keys within their organizations, lacking visibility into which user accounts have generated these keys and whether they are actively being used...

Kat Traxler, Vectra AI

Mon, Jun 17th, 2024

low

GCP HMAC Keys do not log creation, deletion or usage

Cloud Audit Logs do not capture actions mediated through the cloud console private API service (cloudconsole-pa). Consequently, there is no logging of HMAC key creation or deletion linked to user...

Kat Traxler, Vectra AI

Mon, Jun 17th, 2024

Azure Machine Learning SSRF

Tenable, Wiz

Mon, Jun 17th, 2024

View all