Recent research found that threat actors have gained access to AWS accounts using authentication secrets exposed in plaintext in Atlassian Bitbucket artefact files. According to the reports, the researchers identified the flaw while investigating a recent leak of Amazon Web Services (AWS) secrets that attackers had used to obtain unauthorised access to AWS.
The researchers added that they discovered the flaw only after that inquiry, which suggests the exposed data may already have been exploited, since it sits in plaintext in public repositories.
Bitbucket is a web-based version control repository and hosting service that many developers rely on.
Bitbucket is operated by Atlassian and gives developers a platform for code management and collaboration. Bitbucket Pipelines is its CI/CD solution, which automates build, test, and deployment procedures.
Experts explained that system administrators frequently connect Pipelines directly to AWS so that builds can deploy applications quickly and reach AWS resources via the AWS CLI, SDKs, and other AWS tools.
To support this automation, Bitbucket lets developers store sensitive information, such as AWS authentication secrets, in ‘Secured Variables’ so that they can reference these variables in their pipelines without revealing the keys to others.
Once a variable is marked as secured in Bitbucket, its value is stored encrypted so that it is not exposed within the Bitbucket environment. Bitbucket’s documentation explains that a user can secure a variable, meaning it can still be used in the user’s scripts, but its value will not be visible in the build logs.
Because secured variables are stored only in encrypted form, a user who wants to edit one cannot view it; Bitbucket only allows the variable to be replaced with a new value or deleted. Even so, the researchers revealed that artefact objects generated during pipeline runs can contain sensitive information, including the plaintext values of secured variables.
Because developers may be unaware that these secrets are exposed in artefact files, the source code may be leaked to public repositories, where threat actors can steal the credentials. Users of the service should therefore monitor their data and be cautious about their digital footprint, since threat actors may already have exploited this flaw.
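The exposure described above, as an added example that is not from the original article or from Atlassian: a small Python check a pipeline step can run over its artefact files before they are uploaded, flagging any file that contains a secured variable’s value verbatim or anything shaped like an AWS access key ID. The helper names, the sample artefacts, and the key values (AWS documentation placeholders) are constructed for this illustration.

```python
import os
import re

# AWS access key IDs start with AKIA (long-term) or ASIA (temporary STS keys).
AWS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")

# Constructed sample secrets: AWS's documentation placeholder keys, not real ones.
SAMPLE_SECRETS = ["AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"]

# Constructed artefacts: a debug step that dumped its environment to a file
# (the leak path described in the article), plus an ordinary clean log.
SAMPLE_ARTIFACTS = {
    "build-env.txt": (
        "PATH=/usr/local/bin:/usr/bin\n"
        "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    ),
    "app.log": "2024-01-01T00:00:00Z INFO build finished in 42s\n",
}

def secured_values_from_env(var_names):
    """Hypothetical helper: inside a step, secured variables are ordinary
    environment variables, so collect their current values by name."""
    return [os.environ[n] for n in var_names if os.environ.get(n)]

def scan_artifact(text, secret_values):
    """Findings for one artefact: secured values present verbatim, plus
    anything shaped like an AWS key ID that was never declared as secured."""
    findings = []
    for value in secret_values:
        if value in text:
            findings.append(f"secured-variable value present ({value[:4]}...)")
    for match in AWS_KEY_ID_RE.finditer(text):
        findings.append(f"AWS access key ID pattern ({match.group(0)[:8]}...)")
    return findings

def scan_artifacts(files, secret_values):
    """Map artefact name -> findings, omitting clean files; a non-empty
    result should fail the step before anything is uploaded."""
    report = {}
    for name, text in files.items():
        findings = scan_artifact(text, secret_values)
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    # Exit non-zero so the pipeline step fails and the artefact is never uploaded.
    raise SystemExit(1 if scan_artifacts(SAMPLE_ARTIFACTS, SAMPLE_SECRETS) else 0)
```

In a real step the file contents would be read from the artefact paths and the secret list built with secured_values_from_env from the names of the secured variables the step uses.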
