Researchers discovered a vulnerability in the Amazon Web Service (AWS) Glue service which could allow remote attackers to access sensitive data. The issue was made possible due to an internal configuration error. AWS Glue is a serverless data integration service that allows customers to discover and combine data for machine learning, analytics, and application development. The issue is a privilege escalation flaw that allowed the researchers to gain access to high level administrator accounts and access any data they wanted. Because of the nature of the sensitive data on these servers, it is a high valued target for threat actors.
Analyst Notes
Luckily, the research team that discovered the vulnerability within the service reported it to AWS to mitigate. AWS announced that it was fixed before any threat actors had the chance to exploit the vulnerability and steal data.
https://www.infosecurity-magazine.com/news/aws-patches-glue-bug-customer-data/
