Wiz Research identified a serious vulnerability, CodeBreach, that compromised the AWS Console supply chain, allowing attackers to potentially seize AWS GitHub repositories, including the crucial AWS JavaScript SDK. This vulnerability arose from a misconfiguration in AWS CodeBuild CI pipelines, where unauthenticated attackers could exploit Regex errors to infiltrate build environments and access sensitive credentials. Wiz disclosed the findings responsibly to AWS, which swiftly implemented remediation strategies, including a Pull Request Comment Approval feature to block untrusted builds.
The incident underscores the increasing risk of supply chain attacks, as seen in the recent Amazon Q extension incident, emphasizing the necessity for organizations to secure their CI/CD pipelines. Key recommendations for CodeBuild users include restricting access for untrusted pull requests and minimizing permissions for Personal Access Tokens. The research highlights the urgent need for enhanced vigilance and robust security measures in cloud environments to prevent similar vulnerabilities. For more information, refer to the AWS Advisory.
Source link
