A high-severity issue dubbed "LeakyCLI" has been found in the command line interface tools of Google Cloud, Azure and AWS; the Azure CLI instance of the problem is tracked as CVE-2023-36052. The flaw causes access tokens and other sensitive information to be written unintentionally into GitHub Actions, TravisCI, CircleCI and Cloud Build logs. Threat actors can use it to obtain the credentials of repository owners and reach the resources those credentials protect.
High-Severity "LeakyCLI" Vulnerability in Google Cloud, Azure, and AWS CLI Tools Exposes Sensitive Information
A high-severity vulnerability has been discovered in the command line interface (CLI) tools of Google Cloud, Azure, and Amazon Web Services (AWS): certain commands print environment variables, secrets included, to standard output, and CI/CD systems then record that output in build logs that anyone with access to the pipeline can read. Dubbed "LeakyCLI," the flaw threatens organizations' security by potentially compromising confidential data.
Tracked as CVE-2023-36052 in its Azure CLI form, the vulnerability lets adversaries who can read those build logs obtain access tokens and other sensitive information, including credentials, usernames, and keys. This information could grant attackers access to any resources available to the repository owners, leading to further malicious activity.
A report from cybersecurity firm Orca Security shows how the flaw exposes secrets from GitHub projects in the logs of GitHub Actions, TravisCI, CircleCI, and Cloud Build. The researchers stress that the exposed environment variables frequently hold confidential information, including passwords.
"If malicious actors gain access to these environment variables, they could potentially view sensitive information, including credentials such as passwords, usernames, and keys," said Roi Nisimi, a researcher at Orca Security.
Microsoft fixed the Azure CLI issue in November 2023. Amazon and Google, however, consider the behavior of their CLIs to be expected and advise users to keep secrets in dedicated secrets storage services rather than in environment variables.
Organizations are advised to act immediately to mitigate this high-severity issue. Keeping CLI tools up to date and consistently using secrets storage services are essential to protect sensitive data and prevent unauthorized access.
Experts recommend the following best practices to minimize risk:
- Keep software, including cloud CLI tools, updated with the latest security patches.
- Use secrets management services to store and retrieve credentials instead of passing them to workloads as plaintext environment variables.
- Regularly review and audit build logs and system logs for printed credentials and other suspicious activity.
- Enforce strong password policies and enable multi-factor authentication.
By adhering to these guidelines, organizations can significantly reduce the likelihood of exploitation through the LeakyCLI vulnerability and safeguard their sensitive information from unauthorized access.
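The mechanism behind LeakyCLI is simple: a CLI command returns a resource's environment variables in its output, and the CI runner writes that output into a build log. The following Python is an added example, not code from the article, from Orca Security, or from any cloud provider. It shows two controls a pipeline can apply: a redaction step placed between the CLI and the log, and a scanner that flags log lines where a sensitive-looking variable appears with a literal value. The sample JSON is constructed to mimic the `Environment.Variables` shape of `aws lambda get-function-configuration` output; the function name, variable names and values are invented, and the regular expressions are illustrative heuristics rather than anything the providers ship.

```python
import json
import re

# Constructed sample, shaped like `aws lambda get-function-configuration`
# output. The function name, variable names and values are invented.
SAMPLE_CLI_OUTPUT = json.dumps({
    "FunctionName": "orders-api",
    "Runtime": "python3.11",
    "Environment": {
        "Variables": {
            "DB_PASSWORD": "hunter2-prod",
            "STRIPE_API_KEY": "sk_live_EXAMPLEKEY123",
            "LOG_LEVEL": "info",
        }
    },
})

REDACTED = "***REDACTED***"


def redact_env_vars(cli_json: str, keep_names: bool = True) -> str:
    """Return the CLI JSON with every Environment.Variables value masked.

    Values are masked unconditionally rather than only for names that look
    secret: the output is headed for a build log that anyone with pipeline
    access can read, so no variable value should be echoed there at all.
    """
    doc = json.loads(cli_json)
    env = doc.get("Environment", {}).get("Variables")
    if isinstance(env, dict):
        doc["Environment"]["Variables"] = (
            {name: REDACTED for name in env} if keep_names else {}
        )
    return json.dumps(doc)


# A build-log line that prints a variable with a non-trivial literal value,
# either shell style (NAME=value) or as a JSON member ("NAME": "value").
_ASSIGN_RE = re.compile(
    r'(?:^|[\s"])([A-Z][A-Z0-9_]{2,})(?:"\s*:\s*"|=)([^"\s]{6,})'
)
# Variable names that should never appear alongside a literal value in a log.
# Heuristic: it will also flag names such as MONKEY_COUNT, which is acceptable
# for a detector whose false positives are cheap to triage.
_SENSITIVE_RE = re.compile(r"(PASS|PASSWORD|SECRET|TOKEN|KEY|CREDENTIAL)", re.I)


def find_leaked_secrets(log_text: str) -> list[tuple[int, str]]:
    """Scan build-log text and return (line_number, variable_name) for each
    line on which a sensitive-looking variable is printed with its value."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for name, value in _ASSIGN_RE.findall(line):
            if _SENSITIVE_RE.search(name) and value != REDACTED:
                hits.append((lineno, name))
    return hits


def leaked_names(log_text: str) -> list[str]:
    """Convenience wrapper: only the variable names that leaked."""
    return [name for _, name in find_leaked_secrets(log_text)]


# Constructed build log: a step that echoes the raw CLI output, then a step
# that exports a non-secret variable, which must not be flagged.
SAMPLE_BUILD_LOG = "\n".join([
    "[step 3/5] Reading function configuration",
    SAMPLE_CLI_OUTPUT,
    "[step 4/5] export LOG_LEVEL=debug",
])


if __name__ == "__main__":
    print("raw log leaks:", find_leaked_secrets(SAMPLE_BUILD_LOG))
    safe_log = SAMPLE_BUILD_LOG.replace(
        SAMPLE_CLI_OUTPUT, redact_env_vars(SAMPLE_CLI_OUTPUT)
    )
    print("redacted log leaks:", find_leaked_secrets(safe_log))
```

In a real pipeline the redaction step would wrap the CLI invocation (pipe its stdout through `redact_env_vars` before anything reaches the runner's log), while the scanner is better run as a separate job over archived logs so that a leak which slipped past the wrapper is at least detected and the exposed credentials can be rotated.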