Amazon fixes security flaw in AWS Glue service

Amazon Web Services has fixed two flaws affecting AWS Glue and AWS CloudFormation. 

The bug in AWS Glue could allow an attacker using the service to create resources and access data of other AWS Glue customers, according to Orca Security. 

Orca researchers say it was due to an internal misconfiguration within AWS Glue, which AWS today confirmed it has since fixed.

Glue, which launched in 2017, is a managed serverless data integration service for connecting large databases, allowing developers to extract, transform and load (ETL) data for machine-learning jobs.

Orca researchers discovered that a Glue feature could be used to gain the credentials to a role within the AWS service’s own account, giving an attacker access to the internal service’s application programming interface (API).

Using this access with the internal misconfiguration, an attacker

Read More: https://www.zdnet.com/article/amazon-fixes-security-flaw-in-aws-glue-service/#ftag=RSSbaffb68