A security vulnerability called “cross-tenant” has been detected by Datadog researchers in AppSync, a popular Amazon Web Services (AWS) tool. AppSync is a popular AWS service that allows developers to quickly create GraphQL and Pub/Sub APIs.

The vulnerability is due to a case-sensitivity parsing issue of the AppSync service that could potentially be used to bypass cross-account role usage validations and act as a service on customer accounts. Successful vulnerability exploitation allows threat actors to assume Identity and Access Management (IAM) roles in other AWS accounts.

appsec aws — Figure: Vulnerability flow diagram

The vulnerability detected on September 1, 2022, was immediately reported to AWS. AWS, which rescheduled the attack, verified the impact of the vulnerability and released a fix that fixed it. In addition, Amazon released a statement on Monday, November 21, confirming the details of the vulnerability and stating that no customers were affected by the vulnerability. There is no action for Amazon customers to take due to the vulnerability.

Amazon Fixes a Security Vulnerability Affecting AWS AppSync

Brandefense’s Perspective on Understanding APT: Decoding the Tactics of APT Groups

Blended Attacks: When Cybercriminals Use Multiple Techniques

Insider Threats: Identifying and Mitigating Risks from Within

Threat Actors Exploit Docker Engine API

We know what hackers know about you

Our cyber threat intelligence and security research team is ready to help you.

Solutions

Use Case

Partners

Company