LeakyCLI Flaw Exposes AWS and Google Cloud Credentials

Security researchers have discovered a new vulnerability affecting command-line tools used in cloud environments. 

Dubbed “LeakyCLI” by the Orca Security team, the flaw exposes sensitive credentials in logs, posing potential risks to organizations utilizing AWS and Google Cloud platforms. 

The issue mirrors a previously identified vulnerability in Azure CLI (CVE-2023-36052, with a CVSS score of 8.6), which Microsoft addressed last November. Despite Microsoft’s fix, AWS and Google Cloud CLI remain susceptible to the same flaw.

The vulnerability arises from specific commands within these CLIs inadvertently exposing environment variables containing sensitive information. 

Adversaries could exploit this exposure, potentially gaining access to critical credentials such as passwords and keys, thereby compromising resources within affected repositories. This risk is particularly pronounced in Continuous Integration and Continuous Deployment (CI/CD) pipelines.

“CLI commands are by default assumed to be running in a secure environment, but coupled with CI/CD pipelines, they may pose a security threat,” reads an advisory published by Orca today.

“This bypasses secret labeling, which aims to block sensitive exposure because the credentials that are printed back to stdout [the default stream where a program writes its output data] were never defined by the user during the automation setup.”

Orca promptly notified both Google and AWS upon discovery, yet both companies said they consider this behavior within expected design parameters. To mitigate the risk, Orca said organizations should refrain from storing secrets in environment variables, and instead retrieve them from dedicated secrets store services like AWS Secrets Manager.
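
Because the leaked values were never registered as pipeline secrets, the CI system's own masking does not catch them, so one complementary control is to filter CLI output before it reaches the build log. The following is an added example, not code from Orca's advisory or from AWS or Google; it assumes the CLI is asked for JSON output, and the key-name pattern, the `filter_cli_output` helper and the sample document are constructed for illustration.

```python
import json
import re
import sys

# Assumption: names of keys under which a CLI's JSON output carries a
# resource's environment-variable map. Extend for the tools your pipeline runs.
ENV_KEY = re.compile(r"(environment|variables|env_?vars?)$", re.IGNORECASE)
MASK = "***REDACTED***"

def redact(node, path="$", in_env=False, hits=None):
    """Return (copy of node with env-var values masked, JSON paths masked)."""
    hits = [] if hits is None else hits
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            # Only a mapping under a matching key is treated as an env-var map.
            env = in_env or (isinstance(value, dict) and bool(ENV_KEY.search(key)))
            out[key] = redact(value, f"{path}.{key}", env, hits)[0]
        return out, hits
    if isinstance(node, list):
        return [redact(v, f"{path}[{i}]", in_env, hits)[0] for i, v in enumerate(node)], hits
    if in_env and isinstance(node, str) and node:
        hits.append(path)
        return MASK, hits
    return node, hits

def filter_cli_output(text):
    """Mask env-var values in CLI JSON output; withhold anything unparseable."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        # Fail closed: text or table output cannot be inspected reliably.
        return "[output withheld: not JSON, cannot be checked]", []
    clean, hits = redact(doc)
    return json.dumps(clean, indent=2), hits

# Constructed sample shaped like a serverless function's configuration output.
SAMPLE = json.dumps({
    "FunctionName": "billing-sync",
    "Environment": {"Variables": {"DB_PASSWORD": "constructed-not-a-secret",
                                  "LOG_LEVEL": "info"}},
})

if __name__ == "__main__":
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    safe, found = filter_cli_output(raw)
    print(safe)
    for p in found:
        print(f"masked {p}", file=sys.stderr)
```

Piping a CLI command's output through this script in a pipeline step keeps the rest of the response readable while the masked paths on stderr flag which resources still hold values in environment variables and are candidates for a move to a secrets store.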

By following proper protocols, organizations can safeguard against potential exploitation of vulnerabilities like LeakyCLI, thus ensuring the integrity and security of their cloud infrastructures.
