Amazon Web Services has fixed two flaws affecting AWS Glue and AWS CloudFormation.
The bug in AWS Glue could allow an attacker using the service to create resources and access data of other AWS Glue customers, according to Orca Security.
It’s easier than ever for enterprises to take a multicloud approach, as AWS, Azure, and Google Cloud Platform all share customers. Here’s a look at the issues, vendors and tools involved in the management of multiple clouds.
Orca researchers say it was due to an internal misconfiguration within AWS Glue, which AWS today confirmed it has since fixed.
Glue, which launched in 2017, is a managed serverless data integration service for connecting large databases, allowing developers to extract, transform and load (ETL) for machine-learning jobs.
Orca researchers discovered a Glue feature could be used to gain the credentials to a role within the AWS service’s own account to give an attack access to the internal service’s application programming interface (API).
Using this access with the internal misconfiguration, an attacker