Researchers at cloud security start up Orca Security have publicly documented a pair of vulnerabilities in AWS CloudFormation and AWS Glue that attackers could use to leak sensitive files or access other customers’ data.
The first of the security flaws is described as an XML External Entity (XXE) error that could have been exploited to leak sensitive files stored in the CloudFormation service, as well as to disclose credentials for internal AWS infrastructure services.
The XXE vulnerability could have allowed attackers to read files and perform HTTP requests on behalf of a compromised CloudFormation server, according to an advisory from Orca Security.
Read More: https://www.securityweek.com/details-published-aws-flaws-leading-data-leaks
