cateof | 4 years ago

Seems like the AWS Glue exploit [1] discovered by the same team is the more critical one of these two. The CTO of Orca confirmed that they were able to access an admin role in an AWS service account, and from there assume roles in customer accounts with service roles that trust the Glue service [2].

1: https://orca.security/resources/blog/aws-glue-vulnerability/
2: https://twitter.com/yoavalon/status/1481691075672694793

orf | 4 years ago

What’s the actual exploit? Both of the articles are completely barren.