Amazon Web Services fixes a flaw that could give an attacker access to data of other users on its Glue managed data integration service.
Amazon Web Services has fixed two flaws affecting AWS Glue and AWS CloudFormation. The bug in AWS Glue could allow an attacker using the service to create resources and access data of other AWS Glue customers, according to Orca Security. Orca researchers say it was due to an internal misconfiguration within AWS Glue, which AWS today confirmed it has since fixed. SEE: Cloud security: A business guide to essential tools and best practices Glue, which launched in 2017, is a managed serverless data integration service for connecting large databases, allowing developers to extract, transform and load (ETL) for machine-learning jobs. Orca researchers discovered a Glue feature could be used to gain the credentials to a role within the AWS service’s own account to give an attack access to the internal service’s application programming interface (API).
