AWS OIDC — Github Actions Abuse

n00🔑
4 min readDec 9, 2022

Hi readers, here we will see how someone who knows or guesses the ARN of the role created for GitHub Actions can escalate privileges.

Note: This has now been fixed! If you try creating an OIDC connection, it asks for the GitHub organization.

Creating the scenario-

Let’s assume we want GitHub Actions to perform certain operations in our AWS account. For this example, we will be listing S3 buckets using GitHub Actions. Steps-

  1. Adding GitHub as an identity provider-

a) Go to the Identity providers option in IAM.

b) Add an identity provider with type OpenID Connect.

c) Provider URL: https://token.actions.githubusercontent.com

d) Click Get thumbprint.

e) Add the Audience as sts.amazonaws.com

f) Click Add provider.
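The identity provider above only proves that a token came from GitHub; which repository may assume the role is decided by the role's trust policy. The check below is an added example (not code from the original post): it flags trust policies that let the GitHub provider call sts:AssumeRoleWithWebIdentity without pinning the `sub` claim to a repository, which is exactly what lets anyone who knows the role ARN use it. The account ID, repository name and both sample policies are constructed.

```python
import json

GITHUB_OIDC = "token.actions.githubusercontent.com"
PROVIDER_ARN = f"arn:aws:iam::123456789012:oidc-provider/{GITHUB_OIDC}"  # constructed account id

def _policy(conditions: dict) -> str:
    """Build a constructed trust policy for the GitHub provider with the given conditions."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": conditions,
    }]})

# Weak: only the audience from step (e) is checked, so a workflow in any repository
# that knows the role ARN gets a token that satisfies this policy.
WEAK_TRUST_POLICY = _policy({"StringEquals": {f"{GITHUB_OIDC}:aud": "sts.amazonaws.com"}})

# Fixed: the `sub` claim pins the role to one repository and branch (constructed names).
FIXED_TRUST_POLICY = _policy({"StringEquals": {
    f"{GITHUB_OIDC}:aud": "sts.amazonaws.com",
    f"{GITHUB_OIDC}:sub": "repo:example-org/example-repo:ref:refs/heads/main",
}})

def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])

def unpinned_github_statements(trust_policy_json: str) -> list:
    """Indices of Allow statements that let the GitHub provider assume the role without a repo-pinned `sub`."""
    statements = json.loads(trust_policy_json).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if not any(GITHUB_OIDC in p for p in federated):
            continue
        # Gather `sub` values across all operators (StringEquals, StringLike, ...).
        subs = [v for op in stmt.get("Condition", {}).values()
                for k, vals in op.items() if k == f"{GITHUB_OIDC}:sub"
                for v in _as_list(vals)]
        # No `sub` at all, or a wildcard that matches every repository, leaves the role open.
        if not subs or any(s in ("*", "repo:*") for s in subs):
            findings.append(idx)
    return findings
```

Running it over a role's trust policy (e.g. the output of `aws iam get-role`) returns the statement indices to fix; an empty list means every GitHub statement is pinned to a repository.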

Written by n00🔑

Computer Security Enthusiast. Usually plays HTB (ID-23862). https://www.youtube.com/@pswalia2u https://www.linkedin.com/in/pswalia2u/ Instagram @pswalia4u