"LeakyCLI Flaw Exposes AWS and Google Cloud Credentials"

A new security flaw, dubbed "LeakyCLI" by the Orca Security team, impacts command-line tools used in cloud environments. The vulnerability exposes sensitive credentials in logs, posing a risk to organizations that use Amazon Web Services (AWS) and Google Cloud. The problem reflects a previously identified vulnerability in Azure Command-Line Interface (CLI), which Microsoft addressed in November 2023. Although Microsoft fixed it, AWS and Google Cloud CLIs are still vulnerable to the same flaw. The vulnerability stems from specific commands within these CLIs that accidentally expose environment variables containing sensitive information. The exploitation of this exposure allows adversaries to gain access to critical credentials and compromise resources in affected repositories. This article continues to discuss the potential exploitation and impact of the LeakyCLI flaw.

Infosecurity Magazine reports "LeakyCLI Flaw Exposes AWS and Google Cloud Credentials"

Submitted by grigby1