Supply Chain Vuln Compromised Core AWS GitHub Repos & Threatened the AWS Console

https://news.ycombinator.com/rss
Summary

Wiz Research uncovered CodeBreach, a critical vulnerability that placed the AWS Console supply chain at risk. The issue allowed a complete takeover of key AWS GitHub repositories, most notably the AWS JavaScript SDK, a core library that powers the AWS Console. By exploiting CodeBreach, attackers could have injected malicious code to launch a platform-wide compromise, affecting not just the countless applications that depend on the SDK but the Console itself, and with it potentially every AWS account.

The vulnerability stemmed from a subtle flaw in how the repositories' AWS CodeBuild CI pipelines handled build triggers. Just two missing characters in a regex filter allowed unauthenticated attackers to get into the build environment and leak privileged credentials. This post breaks down how we leveraged this subtle misconfiguration to achieve a full repository takeover, and provides key recommendations for CodeBuild users to harden their own projects against similar attacks.

Wiz responsibly disclosed all findings to AWS, who promptly remediated the issue. AWS also implemented global hardening measures within the CodeBuild service to prevent similar attacks. Most notably, the new Pull Request Approval build gate offers organizations a simple and secure path to prevent untrusted builds. Read the AWS Advisory here.

This issue follows a familiar pattern seen in recent supply-chain attacks like the Nx S1ngularity incident, where subtle CI/CD misconfigurations lead to disproportionately impactful attacks. Just last July, a threat actor abused a similar CodeBuild issue to launch a supply chain attack against users of the Amazon Q VS Code extension. This growing trend underscores the urgent need for organizations to harden their CI/CD pipelines.

Required Actions and Mitigations

While no immediate action is required by downstream consumers of the affected AWS GitHub repositories, we strongly recommend all AWS CodeBuild users implement the following safeguards to protect their ow...
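To make the "two missing characters in a regex filter" point concrete, here is an added example that is not code from the Wiz post, from AWS, or from the affected repositories. The page does not say which filter or which two characters were missing; this example assumes the general pattern of an unanchored regular expression on a CodeBuild webhook ACTOR_ACCOUNT_ID filter, so the assumed missing characters are `^` and `$`. It evaluates a CodeBuild-style filter group (all filters in a group must match; any matching group triggers a build) against constructed pull-request events, shows that an unanchored actor-ID pattern also matches an attacker-controlled account whose ID merely contains the trusted ID as a substring, and includes a small lint check a team can run over its own filter groups. The filter-group structure, account IDs and events are constructed for the example; `search` semantics for the pattern match are an assumption.

```python
import re

# Assumed trusted GitHub account ID (constructed for this example).
TRUSTED_ACTOR_ID = "123456"

# Constructed filter groups in the shape CodeBuild webhook triggers use:
# a group is a list of filters that must all match; any group matching
# triggers a build. EVENT and ACTOR_ACCOUNT_ID are real CodeBuild filter
# types; the patterns themselves are constructed.
WEAK_FILTER_GROUP = [
    {"type": "EVENT", "pattern": "PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED"},
    # Assumed flaw: no ^ and $ anchors around the trusted actor ID.
    {"type": "ACTOR_ACCOUNT_ID", "pattern": TRUSTED_ACTOR_ID},
]
HARDENED_FILTER_GROUP = [
    {"type": "EVENT", "pattern": "PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED"},
    # Anchored: the actor ID must equal the trusted ID exactly.
    {"type": "ACTOR_ACCOUNT_ID", "pattern": f"^{TRUSTED_ACTOR_ID}$"},
]


def filter_matches(flt, event):
    """Evaluate one filter against a constructed webhook event."""
    if flt["type"] == "EVENT":
        # EVENT patterns are a comma-separated list of event names.
        allowed = [e.strip() for e in flt["pattern"].split(",")]
        return event["event"] in allowed
    value = event.get(flt["type"].lower(), "")
    # Assumption: the pattern is a regular expression applied with search
    # semantics, so an unanchored pattern matches anywhere in the value.
    matched = re.search(flt["pattern"], value) is not None
    # excludeMatchedPattern inverts the result when set.
    return matched != flt.get("exclude_matched_pattern", False)


def build_triggered(filter_groups, event):
    """True if any filter group fully matches the event."""
    return any(all(filter_matches(f, event) for f in group) for group in filter_groups)


def lint_actor_filters(filter_groups):
    """Return ACTOR_ACCOUNT_ID patterns that are not anchored at both ends."""
    return [
        f["pattern"]
        for group in filter_groups
        for f in group
        if f["type"] == "ACTOR_ACCOUNT_ID"
        and not (f["pattern"].startswith("^") and f["pattern"].endswith("$"))
    ]


# Constructed events: a PR from the trusted maintainer account, and a PR from
# an attacker-controlled account whose numeric ID contains the trusted ID.
TRUSTED_PR = {"event": "PULL_REQUEST_CREATED", "actor_account_id": "123456"}
LOOKALIKE_PR = {"event": "PULL_REQUEST_CREATED", "actor_account_id": "9123456"}

if __name__ == "__main__":
    for name, group in (("weak", WEAK_FILTER_GROUP), ("hardened", HARDENED_FILTER_GROUP)):
        print(name, "trusted PR triggers build:", build_triggered([group], TRUSTED_PR))
        print(name, "look-alike PR triggers build:", build_triggered([group], LOOKALIKE_PR))
    print("unanchored actor filters:", lint_actor_filters([WEAK_FILTER_GROUP, HARDENED_FILTER_GROUP]))
```

The lint function is the part worth reusing: run it over every filter group exported from your CodeBuild projects and treat any unanchored ACTOR_ACCOUNT_ID pattern as a finding, regardless of whether the rest of the pipeline looks safe. Pair it with the Pull Request Approval build gate mentioned above so that a pattern slip does not on its own put untrusted code into the build environment.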

First seen: 2026-01-15 19:18

Last seen: 2026-01-15 21:18