URL: https://www.thecybersyrup.com/p/aws-and-google-cloud-cli-vulnerabilities
AWS AND GOOGLE CLOUD CLI VULNERABILITIES


AMAZON WEB SERVICES (AWS) AND GOOGLE CLOUD CLI TOOLS MAY INADVERTENTLY EXPOSE
SENSITIVE CREDENTIALS WITHIN BUILD LOGS.




CYBER SYRUP
DELIVERING THE SWEETEST INSIGHTS ON CYBERSECURITY.







Recent findings in cybersecurity research reveal that Command-Line Interface
(CLI) tools, particularly those provided by Amazon Web Services (AWS) and Google
Cloud, may inadvertently expose sensitive credentials within build logs. This
vulnerability, which has been termed LeakyCLI by the cloud security firm Orca,
poses significant risks to organizations by potentially leaking critical access
information through automation tools used in software development.

The issue centers around how certain CLI commands display environment variables
that may contain sensitive data such as passwords, API keys, and access tokens.
During the processes of Continuous Integration and Continuous Deployment
(CI/CD), which are commonly automated through platforms like GitHub Actions,
CircleCI, and Cloud Build, these commands can output sensitive information
directly into publicly accessible logs.

This vulnerability was identified across multiple CLI tools including Azure CLI,
AWS CLI, and Google Cloud CLI. However, while Microsoft has responded to the
vulnerability by updating Azure CLI and addressing it under CVE-2023-36052 with
a CVSS score of 8.6, Amazon and Google have categorized this as an expected
behavior, noting that the security of CLI environments falls under
organizational responsibility.

The specific commands found to be at risk include several AWS Lambda and Google
Cloud Functions commands which, if executed within CI/CD scripts, can lead to
the unintended exposure of sensitive environment variables. Here is a list of
some of these commands:

 * AWS CLI:
   * aws lambda get-function-configuration
   * aws lambda get-function
   * aws lambda update-function-configuration
   * aws lambda update-function-code
   * aws lambda publish-version

 * Google Cloud CLI:
   * gcloud functions deploy <func> --set-env-vars
   * gcloud functions deploy <func> --update-env-vars
   * gcloud functions deploy <func> --remove-env-vars

Orca’s research uncovered several instances where projects inadvertently leaked
sensitive data via GitHub Actions, demonstrating how widespread and easily
exploitable this vulnerability can be.

Who is at Risk?

Organizations that use these CLI tools within their CI/CD pipelines are at
potential risk, especially if they handle sensitive information that could give
attackers access to internal systems or data. This includes tech companies,
enterprises using cloud services for operations or software development, and any
entity relying on automated cloud interactions that might include sensitive
configurations.

Mitigating the Risk

To mitigate these risks, organizations are advised to follow several best
practices:

 1. Use Dedicated Secret Management Services: Rather than storing sensitive
    information in environment variables, use services designed to manage
    secrets securely. AWS Secrets Manager and Google Cloud Secret Manager are
    two such services that provide mechanisms to store and access secrets
    securely without exposing them in logs.

 2. Suppress Sensitive Output: For Google Cloud users, employing the
    --no-user-output-enabled option can suppress the printing of command output
    to the terminal, reducing the risk of leaking sensitive information through
    console logs.

 3. Environment Hardening: Ensure that CLI commands are executed in secure
    environments. This involves configuring access controls and security
    settings to limit who can execute commands and under what conditions.

 4. Regular Audits and Monitoring: Implement monitoring tools to detect unusual
    access patterns or unauthorized attempts to access secrets. Regular audits
    of CI/CD pipelines and associated scripts can help identify and rectify
    potential vulnerabilities.

 5. Education and Awareness: Train developers and IT staff on the risks
    associated with handling sensitive information within CI/CD environments.
    Promote security best practices and ensure that personnel are aware of how
    to securely configure and use cloud and automation tools.
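One way to carry out the pipeline audit from item 4 is to scan CI script text for the commands listed above and flag those whose output is not suppressed. This is an added example, not code from the article or from Orca. The sample script, the function name demo-fn, and the rule that an AWS command with stdout redirected to /dev/null counts as suppressed are assumptions of this example.

```python
import re
import shlex

# Commands the article lists as printing function environment variables.
AWS_LAMBDA_SUBCOMMANDS = {
    "get-function-configuration", "get-function",
    "update-function-configuration", "update-function-code", "publish-version",
}
GCLOUD_ENV_FLAGS = ("--set-env-vars", "--update-env-vars", "--remove-env-vars")

# Constructed sample of CI script lines (function name and values are made up).
SAMPLE_CI_SCRIPT = """\
aws lambda get-function-configuration --function-name demo-fn
aws lambda update-function-code --function-name demo-fn --zip-file fileb://fn.zip > /dev/null
gcloud functions deploy demo-fn --runtime python312 \\
    --set-env-vars API_KEY=$API_KEY
gcloud functions deploy demo-fn --update-env-vars MODE=prod --no-user-output-enabled
aws s3 ls 2>/dev/null
"""

def stdout_discarded(line):
    """Assumption of this example: stdout redirected to /dev/null counts as suppressed."""
    return any(fd in ("", "1", "&")
               for fd in re.findall(r"(&|\d*)>\s*/dev/null", line))

def audit_script(script):
    """Return (tool, trigger) pairs for listed commands whose output reaches the log."""
    findings = []
    for line in script.replace("\\\n", " ").splitlines():
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:  # unbalanced quotes: fall back to a plain split
            tokens = line.split()
        if "aws" in tokens and "lambda" in tokens[tokens.index("aws"):]:
            hit = next((t for t in tokens if t in AWS_LAMBDA_SUBCOMMANDS), None)
            if hit and not stdout_discarded(line):
                findings.append(("aws", hit))
        elif {"gcloud", "functions", "deploy"} <= set(tokens):
            flag = next((f for f in GCLOUD_ENV_FLAGS
                         if any(t == f or t.startswith(f + "=") for t in tokens)), None)
            # Only the flag named in the article is accepted as suppression here.
            if flag and "--no-user-output-enabled" not in tokens:
                findings.append(("gcloud", flag))
    return findings

if __name__ == "__main__":
    for tool, trigger in audit_script(SAMPLE_CI_SCRIPT):
        print(f"unsuppressed output: {tool} {trigger}")
```

A finding means the command's output can reach the build log; it does not prove that a secret was printed, so each hit still needs a look at what the function's environment variables contain.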

By understanding the threat landscape and implementing these mitigation
strategies, organizations can significantly reduce their vulnerability to
attacks exploiting the LeakyCLI issue and enhance their overall cybersecurity
posture. Ensuring that CLI tools and environments are secure is not just a
technical necessity but a critical component of maintaining trust and integrity
within digital operations.






© 2024 The Cyber Syrup.
