Cyber Web Spider Blog – News
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

Posted on January 15, 2026 By CWS

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed full takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk.
The vulnerability has been codenamed CodeBreach by cloud security company Wiz. The issue was fixed by AWS in September 2025 following responsible disclosure on August 25, 2025.
"By exploiting CodeBreach, attackers could have injected malicious code to launch a platform-wide compromise, potentially affecting not just the numerous applications relying on the SDK, but the Console itself, threatening every AWS account," researchers Yuval Avrahami and Nir Ohfeld said in a report shared with The Hacker News.
The flaw, Wiz noted, is the result of a weakness in the continuous integration (CI) pipelines that could have enabled unauthenticated attackers to breach the build environment, leak privileged credentials such as GitHub admin tokens, and then use them to push malicious changes to the compromised repository, creating a pathway for supply chain attacks.
Put differently, the issue undermines the webhook filters AWS introduced to ensure that only certain events trigger a CI build. For example, AWS CodeBuild can be configured so that a build is triggered only when code changes are committed to a specific branch, or only when the GitHub or GitHub Enterprise Server account ID of the actor (the ACTOR_ID, or actor ID) matches a regular expression pattern. These filters are meant to protect against untrusted pull requests.

The misconfiguration affected the following AWS-managed open source GitHub repositories, all of which are configured to run builds on pull requests:

aws-sdk-js-v3
aws-lc
amazon-corretto-crypto-provider
awslabs/open-data-registry

The four projects, which implemented an ACTOR_ID filter, suffered from a "fatal flaw": the patterns omitted the two characters needed to force an exact regular expression (regex) match, namely the start anchor ^ and the end anchor $. Without them, the pattern matched any GitHub user ID that merely contained an approved ID as a substring (e.g., 755743), so a superstring ID could bypass the filter and trigger the build.
Because GitHub assigns numeric user IDs sequentially, Wiz said it could predict that new user IDs (currently nine digits long) would "eclipse" a trusted maintainer's six-digit ID roughly every five days, i.e., the counter regularly passes values that end in the trusted ID. Combined with the fact that creating a GitHub App automatically creates a corresponding bot user, this made it possible to obtain a target ID (e.g., 226755743) by triggering hundreds of new bot user registrations until the counter landed on one.
Armed with such an actor ID, an attacker could trigger a build and obtain the GitHub credentials of the aws-sdk-js-v3 CodeBuild project: a Personal Access Token (PAT) belonging to the aws-sdk-js-automation user, which has full admin privileges over the repository.
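The bypass comes down to two facts: regex match semantics and sequential IDs. The Python below is an added illustration, not code from Wiz or AWS. It emulates an ACTOR_ACCOUNT_ID filter using search semantics (an assumption that matches the behaviour described above: an unanchored pattern matches anywhere in the ID), shows the unanchored and anchored patterns side by side, and computes when a sequential ID counter next "eclipses" the trusted ID. The trusted ID 755743 and the forged ID 226755743 are the values quoted above; the current counter value of 226,700,000 is a constructed number.

```python
import re

# Constructed sample values; 755743 and 226755743 are the IDs quoted in the article.
TRUSTED_ACTOR_ID = "755743"

UNANCHORED = TRUSTED_ACTOR_ID                      # "755743": the misconfiguration
ANCHORED = rf"^{re.escape(TRUSTED_ACTOR_ID)}$"     # "^755743$": exact match only


def actor_filter_allows(pattern: str, actor_id: str) -> bool:
    """Emulate an ACTOR_ACCOUNT_ID webhook filter deciding whether a build runs.

    Assumption (consistent with the behaviour described above): the pattern is a
    regex tested with search semantics, so an unanchored pattern matches if it
    occurs anywhere inside the actor ID.
    """
    return re.search(pattern, actor_id) is not None


def next_suffix_collision(trusted_id: str, current_max_id: int) -> int:
    """Smallest sequential ID above current_max_id whose decimal digits end in
    trusted_id. This is the moment the ID counter "eclipses" the trusted ID and a
    freshly registered bot user would pass an unanchored filter.
    """
    block = 10 ** len(trusted_id)
    candidate = (current_max_id // block) * block + int(trusted_id)
    if candidate <= current_max_id:
        candidate += block
    return candidate


def superstring_ids_in_range(trusted_id: str, lo: int, hi: int) -> list[int]:
    """Every ID in [lo, hi] that an unanchored filter for trusted_id accepts
    (suffix, prefix and interior occurrences alike). Useful for seeing how many
    IDs in a registration window would slip through.
    """
    return [n for n in range(lo, hi + 1) if trusted_id in str(n)]


if __name__ == "__main__":
    for pattern in (UNANCHORED, ANCHORED):
        for actor in (TRUSTED_ACTOR_ID, "226755743", "7557431"):
            verdict = "RUNS" if actor_filter_allows(pattern, actor) else "blocked"
            print(f"pattern {pattern!r:12} actor {actor:>10} -> build {verdict}")

    now = 226_700_000  # constructed: assumed current high-water mark of the ID counter
    nxt = next_suffix_collision(TRUSTED_ACTOR_ID, now)
    print(f"counter at {now}: next ID ending in {TRUSTED_ACTOR_ID} is {nxt} "
          f"({nxt - now} registrations away)")
```

With the unanchored pattern every ID that contains 755743 builds; with the anchored pattern only the maintainer's own ID does. The suffix collision is the predictable case the research exploited, but interior matches (for example 175574300) occur as well, which is why the only robust fix is anchoring rather than trying to pick a "safe" trusted ID.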

The attacker could weaponize this elevated access to push code directly to the main branch, approve pull requests, and exfiltrate repository secrets, ultimately setting the stage for supply chain attacks.
"The above repositories' configured regular expressions for AWS CodeBuild webhook filters intended to limit trusted actor IDs were insufficient, allowing a predictably acquired actor ID to gain administrative permissions for the affected repositories," AWS said in an advisory released today.
"We can confirm these were project-specific misconfigurations in webhook actor ID filters for these repositories and not an issue in the CodeBuild service itself."

Amazon also said it remediated the identified issues and implemented additional mitigations, including credential rotation and steps to secure build processes that hold GitHub tokens or any other credentials in memory. It further emphasized that it found no evidence of CodeBreach having been exploited in the wild.
To mitigate such risks, untrusted contributions must not be able to trigger privileged CI/CD pipelines. The recommended mitigations are to:

Enable the new Pull Request Comment Approval build gate
Use CodeBuild-hosted runners to manage build triggers via GitHub workflows
Ensure regex patterns in webhook filters are anchored
Generate a unique PAT for each CodeBuild project
Limit the PAT's permissions to the minimum required
Consider using a dedicated unprivileged GitHub account for the CodeBuild integration
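One way to check existing projects for the anchoring problem, as an added example rather than AWS's own tooling: the Python below audits the filterGroups structure that `aws codebuild batch-get-projects` returns under projects[].webhook.filterGroups (field names follow the CodeBuild WebhookFilter API) and flags ACTOR_ACCOUNT_ID patterns that are not exact matches. It also catches the subtle case of `^755743|123456$`, where the anchors only bind the first and last alternative, and pull-request-triggered groups with no actor restriction at all. The sample filter groups are constructed.

```python
def _has_top_level_alternation(body: str) -> bool:
    """True if `body` contains a '|' outside every parenthesised group.

    '^755743|123456$' parses as (^755743)|(123456$): a superstring such as
    226123456 still matches, so ^ and $ at the edges are not enough.
    """
    depth, i = 0, 0
    while i < len(body):
        c = body[i]
        if c == "\\":          # skip escaped character
            i += 2
            continue
        if c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
        elif c == "|" and depth == 0:
            return True
        i += 1
    return False


def is_exact_match_pattern(pattern: str) -> bool:
    """Anchored at both ends, with the anchors applying to the whole expression."""
    if not (pattern.startswith("^") and pattern.endswith("$")):
        return False
    body = pattern[1:-1]
    trailing_backslashes = len(body) - len(body.rstrip("\\"))
    if trailing_backslashes % 2 == 1:   # '^abc\$': the final $ is a literal, not an anchor
        return False
    return not _has_top_level_alternation(body)


def audit_filter_groups(filter_groups):
    """Return (group_index, message) findings for a webhook `filterGroups` list.

    CodeBuild semantics: a build runs if ANY group matches, and a group matches
    only if ALL of its filters match, so every pull-request group must carry its
    own exact-match actor restriction.
    """
    findings = []
    for gi, group in enumerate(filter_groups):
        events = [f["pattern"] for f in group if f["type"] == "EVENT"]
        pr_triggered = any("PULL_REQUEST" in e for e in events)
        actor_filters = [f for f in group if f["type"] == "ACTOR_ACCOUNT_ID"]
        if pr_triggered and not actor_filters:
            findings.append((gi, "pull request events build with no ACTOR_ACCOUNT_ID restriction"))
        for f in actor_filters:
            if f.get("excludeMatchedPattern"):
                continue   # deny-list filter, not the allow-list this check targets
            if not is_exact_match_pattern(f["pattern"]):
                findings.append((gi, f"ACTOR_ACCOUNT_ID pattern {f['pattern']!r} is not an exact "
                                     "match; a superstring ID such as 226755743 would pass"))
    return findings


def exact_actor_pattern(actor_ids):
    """Build an allow-list pattern matching only the given numeric IDs, e.g. '^(123456|755743)$'."""
    ids = sorted({str(int(i)) for i in actor_ids})   # int() rejects anything non-numeric
    return "^(" + "|".join(ids) + ")$"


# Constructed samples shaped like a project's webhook.filterGroups.
PR_EVENTS = "PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED,PULL_REQUEST_REOPENED"
VULNERABLE_FILTER_GROUPS = [[
    {"type": "EVENT", "pattern": PR_EVENTS},
    {"type": "ACTOR_ACCOUNT_ID", "pattern": "755743"},          # unanchored
]]
HARDENED_FILTER_GROUPS = [[
    {"type": "EVENT", "pattern": PR_EVENTS},
    {"type": "ACTOR_ACCOUNT_ID", "pattern": exact_actor_pattern(["755743"])},
]]

if __name__ == "__main__":
    for name, groups in (("vulnerable", VULNERABLE_FILTER_GROUPS), ("hardened", HARDENED_FILTER_GROUPS)):
        print(name, audit_filter_groups(groups) or "no findings")
```

Anchoring is necessary but not sufficient on its own: a PAT with admin rights still sits in the build environment of every matching build, so the per-project, least-privilege token and the comment-approval gate listed above remain the controls that limit the blast radius if a filter is ever wrong again.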

"This vulnerability is a textbook example of why adversaries target CI/CD environments: a subtle, easily overlooked flaw that can be exploited for massive impact," Wiz researchers noted. "This combination of complexity, untrusted input, and privileged credentials creates a perfect storm for high-impact breaches that require no prior access."
This is not the first time CI/CD pipeline security has attracted scrutiny. Last year, research from Sysdig detailed how insecure GitHub Actions workflows using the pull_request_target trigger could be exploited to leak the privileged GITHUB_TOKEN and gain unauthorized access to dozens of open-source projects with a single pull request from a fork.
A similar two-part analysis from Orca Security found insecure pull_request_target usage in projects from Google, Microsoft, NVIDIA, and other Fortune 500 companies that could have allowed attackers to run arbitrary code, exfiltrate sensitive secrets, and push malicious code or dependencies to trusted branches. The phenomenon has been dubbed pull_request_nightmare.
"By abusing misconfigured workflows triggered via pull_request_target, adversaries could escalate from an untrusted forked pull request into remote code execution (RCE) on GitHub-hosted and even self-hosted runners," security researcher Roi Nisimi noted.
"GitHub Actions workflows that use pull_request_target should never check out untrusted code without appropriate validation. Once they do, they are liable to a full compromise."

The Hacker News Tags: Attacks, AWS, Chain, CodeBuild, Exposed, GitHub, Misconfiguration, Potential, Repos, Supply
