Wiz Research take over key AWS repos
Wiz Research discovered a critical supply chain vulnerability in AWS CodeBuild that could have allowed attackers to take over key AWS GitHub repositories, including the JavaScript SDK powering the AWS Console. The vulnerability stemmed from a misconfiguration in how the repositories’ AWS CodeBuild CI pipelines handled build triggers, allowing unauthenticated attackers to infiltrate the build environment and leak privileged credentials. Wiz responsibly disclosed the findings to AWS, which promptly remediated the issue and implemented global hardening measures within the CodeBuild service to prevent similar attacks.