WRITEUP #920

No keys attached: Exploring GitHub-to-AWS keyless authentication flaws

Tags: Cloud, OIDC, CI/CD, Account takeover
By: @christophetd (Christophe Tafani-Dereeper)
Program: UK Cabinet Office
Published: Jul 27, 2023
Added to HackDex: Jul 31, 2023
Read Full Writeup: https://securitylabs.datadoghq.com/articles/exploring-github-to-aws-keyless-authentication-flaws/

RELATED WRITEUPS
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
Tags: Cloud, OIDC
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
Tags: Cloud, RCE
Interesting Story of an Account Takeover Vulnerability
Tags: Auth Bypass, Account takeover
Self-XSS to ATO via Site Features
Tags: XSS, Self-XSS
Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk
Tags: AI / LLM, CI/CD