Back to directory
WRITEUP #1692

AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass

CloudLogic flawCloudTrail bypass
by@frichette_n(Nick Frichette)
Program
AWS
Published
Jan 17, 2023
Added to HackDex
Jan 18, 2023
Read Full Writeuphttps://securitylabs.datadoghq.com/articles/iamadmin-cloudtrail-bypass/
RELATED WRITEUPS
Logic Flaw: I Can Block You from Accessing Your Own Account
Logic BugLogic flaw
“Like” Bypass on Customer Reviews — €500 bounty
Logic BugLogic flaw
The Hunt for ALBeast: A Technical Walkthrough
CloudAWS ALB
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
CloudOIDC
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD
CloudPrivilege escalation

Built with ❤️ by Shubham Rawat