Atlassian Bitbucket artifacts can leak plaintext auth secrets

May 21, 2024 at 03:06PM

Threat actors breached AWS accounts using leaked plaintext authentication secrets in Atlassian Bitbucket artifacts. Mandiant discovered this issue in the context of an investigation, highlighting the potential leakage of secured data in public repositories. Bitbucket’s secured variables encrypt sensitive information, but Mandiant found that artifact objects can contain plaintext secured variables, posing a risk of unauthorized access.

The report highlights the discovery of threat actors breaching AWS accounts through authentication secrets stored in plaintext in Atlassian Bitbucket artifact objects. This exposure of AWS secrets shows how sensitive data can leak into public repositories. The root cause was the inclusion of secured variables, in plaintext, in artifact files generated during Bitbucket Pipelines runs.

Developers can mitigate this risk by reviewing artifacts to ensure no plaintext secrets are present, using a dedicated solution for secret management, and deploying code scanning throughout the pipeline lifecycle to identify and remove secret exposure events before code reaches production.
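As an added illustration of the artifact review described above (example code, not from the article or from Mandiant), the following Python check can run at the end of a pipeline step, over the directory that will be published as artifacts, and flag any file that contains a secured variable's value verbatim or a string shaped like an AWS access key ID. The variable names, the sample artifact and the directory layout are all constructed for the example.

```python
import re
from pathlib import Path

# Constructed sample: the kind of file a step might write into its artifacts
# directory, e.g. by dumping the environment for debugging. The key values are
# AWS's published documentation examples, not real credentials.
SAMPLE_ARTIFACT = """\
BITBUCKET_BRANCH=main
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
BUILD_NUMBER=42
"""

# Secured-variable values as the step sees them in its own environment. In a
# real step this dict would be built from os.environ for the names the
# repository marks as secured (the names here are assumed).
SECURED = {
    "AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE",
    "AWS_SECRET_ACCESS_KEY": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "SLACK_TOKEN": "",  # an unset secured variable must not match everything
}

# AWS access key IDs: AKIA (long-term) or ASIA (temporary) plus 16 characters.
AWS_ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")

def find_leaks(text, secured):
    """Return findings for secured values present verbatim in text, plus any
    string shaped like an AWS access key ID (catches keys that were never
    registered as secured variables)."""
    findings = []
    for name, value in secured.items():
        if value and value in text:
            findings.append(f"secured variable {name} present in plaintext")
    for match in AWS_ACCESS_KEY_RE.finditer(text):
        findings.append(f"AWS access key ID pattern: {match.group(0)}")
    return findings

def scan_artifact_dir(root, secured):
    """Scan every file under root; returns {path: findings} for files with
    hits. Run it before the step ends, since artifacts are uploaded after."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            hits = find_leaks(path.read_text(errors="replace"), secured)
            if hits:
                report[str(path)] = hits
    return report

def demo():
    """Scan the constructed sample; a non-empty result should fail the step."""
    return find_leaks(SAMPLE_ARTIFACT, SECURED)

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

A non-empty report should fail the step (exit non-zero) so the artifact is never uploaded; the secured-value check only sees variables the step itself has access to, so the regex check is the fallback for anything else.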