LeakyCLI Flaw Exposes AWS and Google Cloud Credentials

Security researchers have discovered a new vulnerability affecting command-line tools used in cloud environments. 

Dubbed “LeakyCLI” by the Orca Security team, the flaw exposes sensitive credentials in logs, posing potential risks to organizations utilizing AWS and Google Cloud platforms. 

The issue mirrors a previously identified vulnerability in Azure CLI (CVE-2023-36052, with a CVSS score of 8.6), which Microsoft addressed last November. Despite Microsoft’s fix, AWS and Google Cloud CLI remain susceptible to the same flaw.

The vulnerability arises from specific commands within these CLIs inadvertently exposing environment variables containing sensitive information. 

Adversaries could exploit this exposure, potentially gaining access to critical credentials such as passwords and keys, thereby compromising resources within affected repositories. This risk is particularly pronounced in Continuous Integration and Continuous Deployment (CI/CD) pipelines.

“CLI commands are by default assumed to be running in a secure environment, but coupled with CI/CD pipelines, they may pose a security threat,” reads an advisory published by Orca today.

“This bypasses secret labeling, which aims to block sensitive exposure because the credentials that are printed back to stdout [the default stream where a program writes its output data] were never defined by the user during the automation setup.”

Orca promptly notified both Google and AWS upon discovery, yet both companies said they consider this behavior within expected design parameters. To mitigate the risk, Orca said organizations should refrain from storing secrets in environment variables, and instead retrieve them from dedicated secrets store services like AWS Secrets Manager.
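
Because platform secret masking only covers values the user registered as secrets, a pipeline can add its own check on what a step printed. The Python below is an added example, not code from Orca's advisory or from AWS or Google: it compares a job's environment against its captured log and reports any line that echoes a credential-like value. The name patterns, the entropy threshold, and the sample environment and log lines are assumptions constructed for illustration.

```python
import math
import re

# Assumed heuristics, not taken from the advisory: name fragments that suggest
# a credential, and a charset/length/entropy test for token-like values.
SENSITIVE_NAME = re.compile(
    r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|ACCESS_KEY|PRIVATE_KEY|CREDENTIAL", re.I)
TOKEN_LIKE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
MIN_LEN = 8  # skip short values such as "true" or "prod"

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def secret_values(env):
    """Return {value: variable name} for environment values worth guarding."""
    found = {}
    for name, value in env.items():
        if len(value) < MIN_LEN:
            continue
        if SENSITIVE_NAME.search(name) or (
                TOKEN_LIKE.fullmatch(value) and entropy(value) >= 4.0):
            found[value] = name
    return found

def scan_log(lines, env):
    """Return (line number, leaked variable names, redacted line) per offending line."""
    secrets = secret_values(env)
    findings = []
    for number, line in enumerate(lines, 1):
        hits = sorted(name for value, name in secrets.items() if value in line)
        if hits:
            for value in secrets:
                line = line.replace(value, "***")
            findings.append((number, hits, line))
    return findings

# Constructed sample data: a job environment and the output that job logged.
SAMPLE_ENV = {"DB_PASSWORD": "c0nstructed-Passw0rd!", "BUILD_ID": "1042",
              "UPSTREAM_AUTH": "Zx8Qm2Lr7Tn4Vb9Kc3Hd6Wf1", "HOME": "/home/runner"}
SAMPLE_LOG = ["step 3: describing deployed resource",
              '{"Variables": {"DB_PASSWORD": "c0nstructed-Passw0rd!", "STAGE": "prod"}}',
              "export UPSTREAM_AUTH=Zx8Qm2Lr7Tn4Vb9Kc3Hd6Wf1",
              "step 4: done"]

if __name__ == "__main__":
    for number, names, redacted in scan_log(SAMPLE_LOG, SAMPLE_ENV):
        print(f"line {number}: leaks {', '.join(names)}: {redacted}")
```

In a real job, pass `dict(os.environ)` and the step's captured output to `scan_log`, and fail the build on any finding so the log is not published.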

By following proper protocols, organizations can safeguard against potential exploitation of vulnerabilities like LeakyCLI, thus ensuring the integrity and security of their cloud infrastructures.
