search

RhinoSecurityLabs / AWS-IAM-Privilege-Escalation

A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.
BSD 3-Clause "New" or "Revised" License
896 stars 118 forks source link

Is GetJobDetails considered a possible privelege escalation as well? #1

Open vo55 opened 5 years ago

vo55 commented 5 years ago

Hey there,

the codepipeline action "GetJobDetails" may return temporary s3 credentials which allow access to artifacts. Therefore, with the GetJobDetails action permission you can grab temporary credentials and access artifacts.

From the documentation: "Important

When this API is called, AWS CodePipeline returns temporary credentials for the Amazon S3 bucket used to store artifacts for the pipeline, if the action requires access to that Amazon S3 bucket for input or output artifacts. This API also returns any secret values defined for the action."

https://docs.aws.amazon.com/codepipeline/latest/APIReference/API_GetJobDetails.html

Thanks in advance, Philip

miglen commented 3 years ago

No, by definition privilege escalation is when a user may gain elevated access to resources that are normally protected. You may see that most examples in the repository are focused on IAM privilege escalation. You already have access to view some of the pipeline artifacts already.