A simple CodeBuild flaw put every AWS environment at risk – and pwned 'the central nervous system of the cloud'


A critical misconfiguration in AWS's CodeBuild service allowed complete takeover of the cloud provider's own GitHub repositories and put every AWS environment in the world at risk, according to Wiz security researchers.

The Wiz kids disclosed this supply chain snafu to AWS in August, and the cloud giant fixed the security issue in September, before a cybercriminal or government-backed goon stumbled upon the misconfiguration and abused it to spark a worldwide meltdown.

This, we're told, prevented a bigger-than-SolarWinds supply chain attack – so be sure to thank your friendly neighborhood security researchers before you go to sleep tonight. 

"This vulnerability compromised a core library used in the AWS Console itself – the central nervous system of the cloud," Wiz vulnerability researcher Yuval Avrahami told The Register. "SolarWinds gave attackers access to corporate networks. This could have given attackers code execution in the very interface administrators use to manage their ...


Copyright of this story solely belongs to theregister.co.uk.