Cybersecurity researchers have uncovered a critical vulnerability in the AWS Glue service that could have allowed remote attackers to access sensitive data belonging to large numbers of customers. The flaw stemmed from an internal misconfiguration within the service itself, not from anything customers had set up. AWS Glue lets customers combine data from multiple sources for projects such as application development, analytics, and machine learning. Because a data integration service of this kind can reach large volumes of potentially sensitive data, it is an attractive target for attackers.

Orca Security found that it could assume roles in other AWS customer accounts that were trusted by Glue, and from there read or modify Glue resources in a region, including Glue jobs, development endpoints, workflows, crawlers, and triggers. The research team discovered the bug before any evidence of it being used against customers. The same team disclosed a second AWS vulnerability this week, named "BreakingFormation," which allowed attackers to read sensitive files on the targeted service machines and to steal credentials tied to AWS's own internal infrastructure services. AWS has fixed both vulnerabilities since they were reported.
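The roles Orca describes are the ordinary IAM roles customers create so that `glue.amazonaws.com` can assume them. Whether or not a given customer was exposed by this particular service-side bug, a practitioner will want to know which roles in their account trust Glue and whether those trust policies are scoped to their own account with an `aws:SourceAccount` or `aws:SourceArn` condition, the standard confused-deputy guard AWS recommends for service principals. The following is an added example written for this page, not Orca Security's or AWS's code; the article does not state that a missing condition was the root cause. The account ID, role names and trust policies are constructed placeholders.

```python
"""Audit IAM role trust policies for roles that AWS Glue can assume.

Added example (not Orca Security's or AWS's code). Flags roles whose trust
policy lets glue.amazonaws.com assume them without an aws:SourceAccount or
aws:SourceArn condition tying the call to the role's own account.
"""

OWN_ACCOUNT = "111122223333"  # placeholder account ID, not a real account

# Constructed sample trust policies (AssumeRolePolicyDocument contents).
SAMPLE_ROLES = {
    # Trusts Glue with no condition: any Glue-initiated AssumeRole works.
    "GlueEtlRole-unscoped": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "glue.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    },
    # Trusts Glue only when the call originates from our own account.
    "GlueEtlRole-scoped": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "glue.amazonaws.com"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"aws:SourceAccount": OWN_ACCOUNT}},
        }],
    },
    # Scoped by resource ARN instead of account; the ARN embeds the account.
    "GlueCrawlerRole-arn-scoped": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": ["glue.amazonaws.com"]},
            "Action": ["sts:AssumeRole"],
            "Condition": {"ArnLike": {
                "aws:SourceArn": f"arn:aws:glue:us-east-1:{OWN_ACCOUNT}:*"}},
        }],
    },
    # Condition present but pinned to a different account: still unscoped for us.
    "WrongAccountScoped": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "glue.amazonaws.com"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"aws:SourceAccount": "999999999999"}},
        }],
    },
    # Not a Glue role at all; should not appear in the findings.
    "LambdaExecRole": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "lambda.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    },
}


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _allows_glue_assume(stmt):
    """True if this statement lets the Glue service principal assume the role."""
    if stmt.get("Effect") != "Allow":
        return False
    actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
    if not actions & {"sts:assumerole", "sts:*", "*"}:
        return False
    principal = stmt.get("Principal", {})
    if principal == "*":
        return True  # wildcard principal includes the Glue service
    if not isinstance(principal, dict):
        return False
    return "glue.amazonaws.com" in _as_list(principal.get("Service", []))


def _scoped_to_account(stmt, account):
    """True if a condition pins the source account/ARN to `account`.

    IAM condition keys are case-insensitive, so compare lower-cased.
    """
    for operator, pairs in stmt.get("Condition", {}).items():
        op = operator.lower()
        for key, values in pairs.items():
            vals = _as_list(values)
            if key.lower() == "aws:sourceaccount" and op.startswith("stringequals"):
                if account in vals:
                    return True
            if key.lower() == "aws:sourcearn" and op.startswith(("stringequals", "arnequals", "arnlike")):
                if vals and all(f":{account}:" in v for v in vals):
                    return True
    return False


def audit_glue_trust(roles, account):
    """Return {role_name: "scoped" | "unscoped"} for every role Glue can assume."""
    findings = {}
    for name, policy in roles.items():
        glue_stmts = [s for s in _as_list(policy.get("Statement", [])) if _allows_glue_assume(s)]
        if not glue_stmts:
            continue
        scoped = all(_scoped_to_account(s, account) for s in glue_stmts)
        findings[name] = "scoped" if scoped else "unscoped"
    return findings


if __name__ == "__main__":
    for role, status in sorted(audit_glue_trust(SAMPLE_ROLES, OWN_ACCOUNT).items()):
        print(f"{status:9} {role}")
```

To run this against a live account rather than the constructed sample, iterate the paginated output of `iam.list_roles()` in boto3 and pass each role's `AssumeRolePolicyDocument` (already decoded to a dict by boto3) into `audit_glue_trust`. Roles reported as "unscoped" are the ones to tighten with an `aws:SourceAccount` condition.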