Skip to main content

AWS CodeBuild project modified to allow public access

ID:aws_codebuild_project_public
Data type:AWS CloudTrail
Severity:
Low
MITRE ATT&CK:TA0010:T1537

Description

AlphaSOC detected that an AWS CodeBuild project was modified to allow public access, exposing the build process to unauthorized users. AWS CodeBuild is a managed CI service that compiles code, runs tests, and creates software packages. Enabling public access to an AWS CodeBuild project can expose sensitive build processes and potentially confidential information to unauthorized users.

Impact

Allowing public access to an AWS CodeBuild project can expose source code, build artifacts, and configuration details, leading to risks such as intellectual property theft, compromise of deployment processes, and exploitation of vulnerabilities in the build pipeline. Threat actors may use this information to escalate attacks or gain unauthorized access to other parts of the infrastructure.

Severity

SeverityCondition
Low
An AWS CodeBuild project was modified to allow public access

Investigation and Remediation

Investigate the specific AWS CodeBuild project that was modified, identifying who made the change and why. Review AWS Cloudtrail logs to determine if the modification was authorized. If the change was unauthorized or made inadvertantly, revoke public access.

Known False Positives

  • Intentional public sharing of non-sensitive, open-source projects
  • Misconfigured settings that appear to enable public access but are restricted by additional access controls
  • Temporary public access granted for legitimate testing or demonstration purposes