LeakyCLI: A New Vulnerability Exposing AWS and Google Cloud Credentials

A new vulnerability, dubbed LeakyCLI, has been discovered. This flaw affects command-line tools used in cloud environments, particularly those utilized by Amazon Web Services (AWS) and Google Cloud Platform (GCP).

The Vulnerability

The LeakyCLI vulnerability exposes sensitive credentials in logs. This poses potential risks to organizations utilizing AWS and Google Cloud platforms. The issue mirrors a previously identified vulnerability in Azure CLI (CVE-2023-36052, with a CVSS score of 8.6), which Microsoft addressed last November. Despite Microsoft’s fix, AWS and Google Cloud CLI remain susceptible to the same flaw.

Technical Details

The vulnerability arises from specific commands within these CLIs inadvertently exposing environment variables containing sensitive information. Adversaries could exploit this exposure, potentially gaining access to critical credentials such as passwords and keys, thereby compromising resources within affected repositories. This risk is particularly pronounced in Continuous Integration and Continuous Deployment (CI/CD) pipelines.

Implications

The implications of this vulnerability are significant. If exploited, it could lead to unauthorized access to sensitive data, operational disruptions, financial losses, and reputational damage. Moreover, it could have regulatory implications if sensitive customer data is compromised.

Current Status

Upon discovery, Orca Security promptly notified both Google and AWS. However, both companies consider this behavior within expected design parameters.

This is because AWS and Google Cloud’s command-line tools are designed to log activities for debugging and auditing purposes. The exposure of sensitive credentials in logs is sometimes an outcome of these logging activities. While seen as a vulnerability, AWS and Google Cloud view it as part of the normal operation of their CLIs, provided that users follow the recommended security practices.

Mitigation Strategies

To mitigate the risk, Orca recommends organizations refrain from storing secrets in environment variables. Instead, they should retrieve them from dedicated secrets store services like AWS Secrets Manager. By following proper protocols, organizations can safeguard against potential exploitation of vulnerabilities like LeakyCLI, thus ensuring the integrity and security of their cloud infrastructures.

Conclusion

Finding out about LeakyCLI really highlights how important it is to have strong security measures when we’re using cloud platforms. As we keep using these services, it’s really important for us to stay up to date about any possible security risks and make sure we’re doing everything we can to keep our information safe.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.