A security flaw in AWS Glue was recently identified by cybersecurity researchers at Orca Security and has been addressed by Amazon Web Services (AWS).
But what is AWS Glue? It is a serverless cloud data integration service that generally helps users with the following:
- Discover data for app development
- Prepare data for app development
- Combine data for app development
- Machine learning
- Analytics
According to the analysts at Orca Security, the flaw stemmed from an exploitable AWS Glue feature combined with an internal service API misconfiguration, which together made it possible to escalate privileges and gain access to all of the service's resources available in the region.
Yanir Tsarimi, a Cloud Security Researcher at Orca Security, stated:
“During our research, we were able to identify a feature in AWS Glue that could be exploited to obtain credentials to a role within the AWS service’s own account, which provided us full access to the internal service API.”
“In combination with an internal misconfiguration in the Glue internal service API, we were able to further escalate privileges within the account to the point where we had unrestricted access to all resources for the service in the region, including full administrative privileges.”
Technical Overview
The security experts were able to assume roles in other AWS customers’ accounts that are trusted by the Glue service.
An attacker exploiting the flaw could query the following AWS Glue service-related resources in an AWS region:
- Glue jobs
- Dev endpoints
- Workflows
- Crawlers
- Triggers
For clarity, the researchers at Orca Security have asserted that all research related to this analysis was done within AWS accounts owned by Orca Security.
The XXE flaw led to the exposure of internal AWS infrastructure services’ files and credentials. However, the AWS security team has already patched this vulnerability.
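For defenders, the roles mentioned in the technical overview (those whose trust policy names the Glue service) can be inventoried in your own account. The following is an added example, not code from Orca Security or AWS: the `roles_trusting_glue` helper and the sample roles are constructed for illustration, and the input is assumed to have the shape of `aws iam list-roles` output.

```python
import json
from urllib.parse import unquote

GLUE_PRINCIPAL = "glue.amazonaws.com"

# Constructed sample shaped like `aws iam list-roles` output; not real account data.
SAMPLE_LIST_ROLES = {"Roles": [
    {"RoleName": "etl-job-role", "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "glue.amazonaws.com"},
         "Action": "sts:AssumeRole"}]}},
    {"RoleName": "shared-data-role", "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": ["ec2.amazonaws.com", "glue.amazonaws.com"]},
         "Action": "sts:AssumeRole",
         "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333"}}}]}},
    # The raw IAM API returns the trust policy URL-encoded; handle that form too.
    {"RoleName": "lambda-role", "AssumeRolePolicyDocument":
        "%7B%22Statement%22%3A%7B%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A"
        "%7B%22Service%22%3A%22lambda.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%7D"},
]}

def _as_list(value):
    """IAM allows a single item or a list for Statement and Principal.Service."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def roles_trusting_glue(list_roles_output):
    """Return [{'role', 'has_condition'}] for roles whose trust policy allows Glue."""
    findings = []
    for role in list_roles_output.get("Roles", []):
        doc = role.get("AssumeRolePolicyDocument") or {}
        if isinstance(doc, str):  # URL-encoded JSON string
            doc = json.loads(unquote(doc))
        for stmt in _as_list(doc.get("Statement")):
            principal = stmt.get("Principal")
            if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
                continue
            services = [str(s).lower() for s in _as_list(principal.get("Service"))]
            if GLUE_PRINCIPAL in services:
                # Record whether the trust statement is narrowed by any Condition block.
                findings.append({"role": role["RoleName"],
                                 "has_condition": bool(stmt.get("Condition"))})
                break
    return findings

if __name__ == "__main__":
    for finding in roles_trusting_glue(SAMPLE_LIST_ROLES):
        print(finding)
```

Roles reported with `has_condition` set to `False` trust the Glue service without any further restriction in the trust statement and are the first ones to review.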