Wiz Research discovered CodeBreach, a critical vulnerability that risked the AWS Console supply chain. Learn how to secure your AWS CodeBuild pipelines.

Hacker News is a community-driven platform for sharing and discussing technology news, startups, and programming-related topics. Through user submissions and comments, Hacker News offers insights into emerging technology trends, industry developments, and entrepreneurial ventures. Readers can participate in discussions, share their insights, and stay informed about the latest advancements in technology and innovation.

Hacker News

Wiz Research discovered CodeBreach, a critical supply chain vulnerability in AWS CodeBuild that enabled complete takeover of key AWS GitHub repositories, including the JavaScript SDK powering the AWS Console. The flaw stemmed from unanchored regex patterns in ACTOR_ID webhook filters, allowing attackers to bypass authentication by registering GitHub user IDs that contained approved maintainer IDs as substrings. Researchers demonstrated a full proof-of-concept by exploiting this misconfiguration to extract privileged GitHub credentials and gain admin access to repositories. AWS promptly remediated the issue and implemented global hardening measures, including a new Pull Request Comment Approval build gate. The incident highlights the growing trend of CI/CD pipeline attacks and emphasizes the need for organizations to prevent untrusted pull requests from triggering privileged builds.

CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig

Unanchored: How a Subtle Flaw Led to CI Compromise

From Bypass to Admin: Executing the Takeover