One Article Review
| Source |  Vuln AWS |
|---|---|
| Identifiant | 8296125 |
| Date de publication | 2022-01-13 21:42:59 (vue: 2022-12-30 21:12:45) |
| Titre | Reported AWS Glue Issue |
| Texte | Initial Publication Date: 2022/01/13 13:00 PST A security researcher recently reported an issue that allowed them to take actions as the AWS Glue service. Utilizing an AWS Glue feature, researchers obtained credentials specific to the service itself, and an AWS-internal misconfiguration permitted the researchers to use these credentials as the AWS Glue service. There is no way that this could have been used to affect customers who do not use the AWS Glue service. No customer action is required. AWS moved immediately to correct this issue when it was reported. Analysis of logs going back to the launch of the service have been conducted and we have conclusively determined that the only activity associated with this issue was between accounts owned by the researcher. No other customer's accounts were impacted. All actions taken by AWS Glue in a customer's account are logged in CloudTrail records controlled and viewable by customers. We would like to thank Orca Security for reporting this issue. Security-related questions or concerns can be brought to our attention via aws-security@amazon.com. |
| Envoyé | Oui |
| Condensat | 13:00 2022/01/13 account accounts action actions activity affect all allowed analysis and are associated attention aws back been between brought can cloudtrail com concerns conclusively conducted controlled correct could credentials customer customers date: determined feature for glue going have immediately impacted initial internal issue itself launch like logged logs misconfiguration moved not obtained only orca other our owned permitted pst publication questions recently records related reported reporting required researcher researchers security security@amazon service specific take taken thank that the them there these this use used utilizing via viewable was way were when who with would |
| Tags | |
| Stories | |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.