Explore tweets tagged as #CodeBreach
We hacked the AWS JavaScript SDK, a core library powering the entire @AWScloud ecosystem - including the AWS Console itself 🤯 How did we do it? Just two missing characters was all it took. This is the story of #CodeBreach 🧵👇
‼️CodeBreach: Critical CI/CD Flaw Exposed AWS GitHub Repositories to Full Takeover Wiz Research identified a critical flaw, dubbed CodeBreach, that enabled a full takeover of core AWS GitHub repositories, including the AWS SDK for JavaScript. The issue was caused by a
Very cool research on a CodeBuild misconfiguration which could have had significant consequences. I’m a bit disappointed that there wasn’t more done to secure the supply chain after the Q Developer incident. https://t.co/0sJFj7h6DH
🔐⚙️ AWS fixed a CI misconfiguration in some AWS-managed GitHub repos, including the AWS JavaScript SDK. The flaw, CodeBreach, involved broken webhook regex filters that could let untrusted users trigger privileged builds and expose admin tokens. 🔗 Read here →
🚨 CRITICAL: AWS Console Was Vulnerable to Supply Chain Attack Researchers have revealed a massive flaw dubbed "CodeBreach" that could have turned the official AWS Management Console into a weapon against its own users. 🔴 The Flaw: A misconfiguration in AWS CodeBuild (a simple
🔐 The AWS CodeBreach vulnerability is a good reminder of why architecture matters. When one library powers both your platform AND 66% of customer environments, a single flaw cascades everywhere. At STACKS: → Your containers are yours → No shared libraries between platform
We @wiz_io responsibly disclosed this to @AWSSecurityInfo, who promptly fixed the issue in under 48 hours! They also implemented new safeguards in CodeBuild to prevent similar attacks. For the full story, check out our blog >>>
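Wiz Research discovered CodeBreach, a critical vulnerability that threatens the AWS Console supply chain. The issue made possible a full takeover of major AWS GitHub repositories, in particular the AWS JavaScript SDK, a core library of the AWS Console. An attacker who exploited CodeBreach, by injecting malicious code, the platform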
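[Supply chain security] AWS CodeBuild misconfiguration created a risk of GitHub repository takeover; a flawed regular expression led to a critical risk. Cloud security company Wiz discovered "CodeBreach", a critical vulnerability in the webhook filter configuration of AWS CodeBuild. This issue, AWS's JavaScript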
Never happened before, and yet here we are tripping over regex again; it's high time to build an ORM for regexes :) https://t.co/dghE5CUfgl