Wednesday, October 16, 2024

AWS Patches Glue Bug That Put Customer Data at Risk

Dubbed “Superglue” by the Orca Security Research Team, the bug was made possible by an internal misconfiguration within the service.

AWS Glue is a serverless data integration service that allows customers to discover and combine data for machine learning, analytics and app development. Given that it can access large volumes of potentially sensitive data, it could be an attractive target for hackers.

“During our research, we were able to identify a feature in AWS Glue that could be exploited to obtain credentials to a role within the AWS service’s own account, which provided us full access to the internal service API,” Orca Security explained.

“In combination with an internal misconfiguration in the Glue internal service API, we were able to further escalate privileges within the account to the point where we had unrestricted access to all resources for the service in the region, including full administrative privileges.”

The vendor claimed to have been able to assume roles in AWS customer accounts that are trusted by Glue, and to query and modify AWS Glue service-related resources in a region. These included Glue jobs, dev endpoints, workflows, crawlers and triggers.

The research team was at pains to point out that it only used its own accounts for this project and that no AWS Glue customers were compromised as a result.

AWS worked swiftly with the team to fix the problem.

“Today, Orca Security, a valued AWS partner, helped us detect and mitigate a misconfiguration before it could impact any customers,” explained AWS principal engineer Anthony Virtuoso.

“We greatly appreciate their talent and vigilance, and we would like to thank them for the shared passion of protecting AWS customers through their findings.”

The same research team revealed a second vulnerability in AWS this week dubbed “BreakingFormation.”

Also now fixed by AWS, this zero-day bug could have allowed attackers to leak sensitive files on targeted service machines and grab credentials related to internal AWS infrastructure services.

Steven Black (n0tst3)