We discovered a pattern in the way many projects retrieve Amazon Machine Images (AMIs), allowing attackers to publish AMIs with specially crafted names and gain code execution within vulnerable accounts.

https://securitylabs.datadoghq.com/articles/whoami-a-cloud-image-name-confusion-attack/

by @sethsec.bsky.social
