LeakyCLI Flaw Exposes AWS and Google Cloud Credentials

Security researchers have discovered a new vulnerability affecting command-line tools used in cloud environments.
Dubbed “LeakyCLI” by the Orca Security team, the flaw exposes sensitive credentials in logs, posing potential risks to organizations utilizing AWS and Google Cloud platforms.
The issue mirrors a previously identified vulnerability in Azure CLI (CVE-2023-36052, with a CVSS score of 8.6), which Microsoft addressed last November. Despite Microsoft’s fix, AWS and Google Cloud CLI remain susceptible to the same flaw.
The vulnerability arises from specific commands within these CLIs inadvertently exposing environment variables containing sensitive information.
Adversaries could exploit this exposure, potentially gaining access to critical credentials such as passwords and keys, thereby compromising resources within affected repositories. This risk is particularly pronounced in Continuous Integration and Continuous Deployment (CI/CD) pipelines.
“CLI commands are by default assumed to be running in a secure environment, but coupled with CI/CD pipelines, they may pose a security threat,” reads an advisory published by Orca today.
“This bypasses secret labeling, which aims to block sensitive exposure because the credentials that are printed back to stdout [the default stream where a program writes its output data] were never defined by the user during the automation setup.”
Orca promptly notified both Google and AWS upon discovery, yet both companies said they consider this behavior within expected design parameters. To mitigate the risk, Orca said organizations should refrain from storing secrets in environment variables, and instead retrieve them from dedicated secrets store services like AWS Secrets Manager.
By following proper protocols, organizations can safeguard against potential exploitation of vulnerabilities like LeakyCLI, thus ensuring the integrity and security of their cloud infrastructures.
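
The masking gap described in the advisory quote, shown as an added example that is not from Orca or either cloud vendor: a CI-style masker hides only the secrets the pipeline registered, so a CLI response that echoes a resource's environment variables passes through unmasked, while a filter that redacts those maps before logging does not leak them. The sample response, its values, the function names and the list of JSON keys treated as environment-variable maps are all assumptions made for illustration.

```python
import json

# Constructed sample: JSON shaped like a cloud CLI response that echoes a
# resource's environment variables. All names and values are made up.
SAMPLE_CLI_OUTPUT = json.dumps({
    "FunctionName": "example-fn",
    "Environment": {"Variables": {"DB_PASSWORD": "constructed-pw-123",
                                  "LOG_LEVEL": "info"}},
})

# Assumption: keys under which the response carries an env-variable map.
ENV_MAP_KEYS = {"Variables", "environmentVariables", "buildEnvironmentVariables"}


def mask_registered(text, registered_secrets):
    """Mimic CI secret masking: hide only values registered as secrets."""
    for secret in registered_secrets:
        text = text.replace(secret, "***")
    return text


def redact_env_maps(node):
    """Return a copy of parsed JSON with every env-variable value replaced."""
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            if key in ENV_MAP_KEYS and isinstance(value, dict):
                # Keep variable names for debugging, drop every value.
                out[key] = {name: "[REDACTED]" for name in value}
            else:
                out[key] = redact_env_maps(value)
        return out
    if isinstance(node, list):
        return [redact_env_maps(item) for item in node]
    return node


def safe_for_log(cli_stdout):
    """Filter CLI stdout before it is written to a build log."""
    try:
        return json.dumps(redact_env_maps(json.loads(cli_stdout)))
    except json.JSONDecodeError:
        # Fail closed: unparseable output is not logged at all.
        return "[output suppressed: not valid JSON]"


if __name__ == "__main__":
    # The pipeline registered only its own deploy token, so masking misses the leak.
    print(mask_registered(SAMPLE_CLI_OUTPUT, ["pipeline-deploy-token"]))
    print(safe_for_log(SAMPLE_CLI_OUTPUT))
```

Redacting every value, not only names that look sensitive, avoids depending on a naming convention the resource owner may not follow.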