AWS CodeBuild project modified to allow public access
Description
AlphaSOC detected that an AWS CodeBuild project was modified to allow public access, exposing the build process to unauthorized users. AWS CodeBuild is a managed CI service that compiles code, runs tests, and creates software packages. Enabling public access to an AWS CodeBuild project can expose sensitive build processes and potentially confidential information to unauthorized users.
Impact
Allowing public access to an AWS CodeBuild project can expose source code, build artifacts, and configuration details, leading to risks such as intellectual property theft, compromise of deployment processes, and exploitation of vulnerabilities in the build pipeline. Threat actors may use this information to escalate attacks or gain unauthorized access to other parts of the infrastructure.
Severity
Severity | Condition |
---|---|
Low | An AWS CodeBuild project was modified to allow public access |
Investigation and Remediation
Investigate the specific AWS CodeBuild project that was modified, identifying who made the change and why. Review AWS Cloudtrail logs to determine if the modification was authorized. If the change was unauthorized or made inadvertantly, revoke public access.
Known False Positives
- Intentional public sharing of non-sensitive, open-source projects
- Misconfigured settings that appear to enable public access but are restricted by additional access controls
- Temporary public access granted for legitimate testing or demonstration purposes