A crucial misconfiguration in Amazon Internet Companies (AWS) CodeBuild may have allowed full takeover of the cloud service supplier’s personal GitHub repositories, together with its AWS JavaScript SDK, placing each AWS setting in danger.
The vulnerability has been codenamed CodeBreach by cloud safety firm Wiz. The difficulty was mounted by AWS in September 2025 following accountable disclosure on August 25, 2025.
“By exploiting CodeBreach, attackers may have injected malicious code to launch a platform-wide compromise, probably affecting not simply the numerous purposes relying on the SDK, however the Console itself, threatening each AWS account,” researchers Yuval Avrahami and Nir Ohfeld mentioned in a report shared with The Hacker Information.
The flaw, Wiz famous, is the results of a weak point within the steady integration (CI) pipelines that would have enabled unauthenticated attackers to breach the construct setting, leak privileged credentials like GitHub admin tokens, after which use them to push malicious adjustments to the compromised repository – making a pathway for provide chain assaults.
Put otherwise, the difficulty undermines webhook filters launched by AWS to make sure that solely sure occasions set off a CI construct. For instance, AWS CodeBuild will be configured such {that a} construct is triggered solely when code adjustments are dedicated to a selected department or when a GitHub or GitHub Enterprise Server account ID (aka ACTOR_ID or actor ID) matches the common expression sample. These filters serve to safe in opposition to untrusted pull requests.
The misconfiguration impacted the next AWS-managed open supply GitHub repositories, that are configured to run builds on pull requests –
- aws-sdk-js-v3
- aws-lc
- amazon-corretto-crypto-provider
- awslabs/open-data-registry
The 4 initiatives, which carried out an ACTOR_ID filter, suffered from a “deadly flaw” in that they failed to incorporate two characters to make sure – specifically the beginning ^ and finish $ anchors – essential to yield a precise common expression (regex) match. As an alternative, the regex sample allowed any GitHub consumer ID that was a superstring of an authorised ID (e.g., 755743) to bypass the filter and set off the construct.
As a result of GitHub assigns numeric consumer IDs sequentially, Wiz mentioned it was capable of predict that the brand new consumer IDs (at the moment 9-digits lengthy) would “eclipse” a trusted maintainer’s six-digit ID roughly each 5 days. This perception, coupled with the usage of GitHub Apps to automate app creation (which, in flip, creates a corresponding bot consumer), made it potential to generate a goal ID (e.g., 226755743) by triggering a whole bunch of recent bot consumer registrations.
Armed with the actor ID, an attacker can now set off a construct and acquire the GitHub credentials of the aws-sdk-js-v3 CodeBuild venture, a Private Entry Token (PAT) belonging to the aws-sdk-js-automation consumer, which has full admin privileges over the repository.
The attacker can weaponize this elevated entry to push code on to the primary department, approve pull requests, and exfiltrate repository secrets and techniques, ultimately setting the stage for provide chain assaults.
“The above repositories’ configured common expressions for AWS CodeBuild webhook filters meant to restrict trusted actor IDs had been inadequate, permitting a predictably acquired actor ID to achieve administrative permissions for the affected repositories,” AWS mentioned in an advisory launched as we speak.
“We will affirm these had been project-specific misconfigurations in webhook actor ID filters for these repositories and never a difficulty within the CodeBuild service itself.”
Amazon additionally mentioned it remediated the recognized points, together with implementing extra mitigations, corresponding to credential rotations and steps to safe the construct processes that include GitHub tokens or every other credentials in reminiscence. It additional emphasised that it discovered no proof of CodeBreach having been exploited within the wild.
To mitigate such dangers, it is important that untrusted contributions doesn’t set off privileged CI/CD pipelines by enabling the brand new Pull Request Remark Approval construct gate, use CodeBuild-hosted runners to handle construct triggers through GitHub workflows, guarantee regex patterns in webhook filters are anchored, generate a novel PAT for every CodeBuild venture, restrict the PAT’s permissions to the minimal required, and think about using a devoted unprivileged GitHub account for CodeBuild integration.
“This vulnerability is a textbook instance of why adversaries goal CI/CD environments: a refined, simply ignored flaw that may be exploited for large affect,” Wiz researchers famous. “This mix of complexity, untrusted information, and privileged credentials creates an ideal storm for high-impact breaches that require no prior entry.”
This isn’t the primary time CI/CD pipeline safety has attracted scrutiny. Final yr, analysis from Sysdig detailed how insecure GitHub Actions workflows related to the pull_request_target set off could possibly be exploited to leak the privileged GITHUB_TOKEN and achieve unauthorized entry to dozens of open-source initiatives through the use of a single pull request from a fork.
An analogous two-part evaluation from Orca Safety discovered insecure pull_request_target in initiatives from Google, Microsoft, NVIDIA, and different Fortune-500 firms that would have allowed attackers to run arbitrary code, exfiltrate delicate secrets and techniques, and push malicious code or dependencies to trusted branches. The phenomenon has been dubbed pull_request_nightmare.
“By abusing misconfigured workflows triggered through pull_request_target, adversaries may escalate from an untrusted forked pull request into distant code execution (RCE) on GitHub-hosted and even self-hosted runners,” safety researcher Roi Nisimi famous.
“GitHub Actions workflows that use the pull_request_target ought to by no means checkout untrusted code with out an acceptable validation. As soon as they do, they’re liable to a full compromise.”
