LeakyCLI Flaw Exposes AWS and Google Cloud Credentials

Security researchers have discovered a new vulnerability affecting command-line tools used in cloud environments.

Dubbed “LeakyCLI” by the Orca Security team, the flaw exposes sensitive credentials in logs, posing potential risks to organizations utilizing AWS and Google Cloud platforms.

The issue mirrors a previously identified vulnerability in Azure CLI (CVE-2023-36052, with a CVSS score of 8.6), which Microsoft addressed last November. Despite Microsoft’s fix, AWS and Google Cloud CLI remain susceptible to the same flaw.

The vulnerability arises from specific commands within these CLIs inadvertently exposing environment variables containing sensitive information.

Adversaries could exploit this exposure, potentially gaining access to critical credentials such as passwords and keys, thereby compromising resources within affected repositories. This risk is particularly pronounced in Continuous Integration and Continuous Deployment (CI/CD) pipelines.

“CLI commands are by default assumed to be running in a secure environment, but coupled with CI/CD pipelines, they may pose a security threat,” reads an advisory published by Orca today.

“This bypasses secret labeling, which aims to block sensitive exposure because the credentials that are printed back to stdout [the default stream where a program writes its output data] were never defined by the user during the automation setup.”

Orca promptly notified both Google and AWS upon discovery, yet both companies said they consider this behavior within expected design parameters. To mitigate the risk, Orca said organizations should refrain from storing secrets in environment variables, and instead retrieve them from dedicated secrets store services like AWS Secrets Manager.

By following proper protocols, organizations can safeguard against potential exploitation of vulnerabilities like LeakyCLI, thus ensuring the integrity and security of their cloud infrastructures.

Image credit: nikkimeel / Shutterstock.com

LeakyCLI Flaw Exposes AWS and Google Cloud Credentials

Alessandro Mascellino

You may also like

Understanding the Shared Responsibility Model, Critical Step to Ensure Cloud Security

The Hard Truth About Network Security

Threat Actors Use AWS SSM Agent as a Remote Access Trojan

Capital One Fined $80m for 2019 Breach

Equifax and Capital One: What Should We Learn?

What’s hot on Infosecurity Magazine?

How to Backup and Restore Database in SQL Server

DragonForce Ransomware Group Uses LockBit's Leaked Builder

Vulnerability Exploitation on the Rise as Attackers Ditch Phishing

State-Sponsored Espionage Campaign Exploits Cisco Vulnerabilities

BEC and Fund Transfer Fraud Top Insurance Claims

US Takes Down Illegal Cryptocurrency Mixing Service Samourai Wallet

Alarming Decline in Cybersecurity Job Postings in the US

North Korean Group Kimsuky Exploits DMARC and Web Beacons

Russian Sandworm Group Hit 20 Ukrainian Energy and Water Sites

Dependency Confusion Vulnerability Found in Apache Project

Security Leaders Braced for Daily AI-Driven Attacks by Year-End

Fifth of CISOs Admit Staff Leaked Data Via GenAI

Is MFA Enough? Strategies for Next-Level Identity Security in 2024

Navigating the Evolving Cybersecurity Compliance Landscape in 2024

Adapting to Tomorrow's Threat Landscape: AI's Role in Cybersecurity and Security Operations in 2024

Untangling the Web: Navigating Third-Party Risk in a Hyperconnected World

Beyond Passwords: Securing the Digital Age with MFA, 2FA, and Passwordless Authentication

Understand and Combat the Top Healthcare Cloud Threats Today

Infosecurity Magazine Spring Online Summit 2024: Day One

Infosecurity Magazine Spring Online Summit 2024: Day Two

Russia’s Midnight Blizzard Accesses Microsoft Source Code

I-Soon GitHub Leak: What Cyber Experts Learned About Chinese Cyber Espionage

LockBit Takedown: What You Need to Know about Operation Cronos

Women in Cybersecurity at Infosecurity Europe 2024

LeakyCLI Flaw Exposes AWS and Google Cloud Credentials

Written by

You may also like

What’s hot on Infosecurity Magazine?