
Undocumented AWS CodeBuild Endpoints Exploited for Privilege Escalation
Tags: AWS, CodeBuild, CodeConnections, security, privilege escalation, GitHub, BitBucket, tokens, research, lateral movement
💬 Using undocumented AWS CodeBuild endpoints to extract privileged tokens from AWS CodeConnections, allowing lateral movement and privilege escalation through an organisation's codebase

The post describes a research project investigating AWS CodeConnections security by monitoring CodeBuild job bootstrapping requests. It details the discovery of undocumented endpoints that can retrieve the raw GitHub App tokens or BitBucket JWT App tokens used by CodeConnections. These tokens often grant excessive privileges beyond the repository in which the CodeBuild job is executed.

Source: https://reddit.com/r/netsec/comments/1sbe9tn/using_undocumented_aws_codebuild_endpoints_to/