Lemur 1.9.0 Server-Side Request Forgery and IDOR Lead to AWS IAM Compromise
A low-privilege user with a freshly-provisioned SSO account in Netflix's Lemur certificate management service (versions <= 1.9.0) can exploit a Server-Side Request Forgery (SSRF) vulnerability in the ACME authority creation endpoint to reach the AWS EC2 Instance Metadata Service (IMDS), exfiltrating AWS STS credentials, and leveraging a creator-equality Insecure Direct Object Reference (IDOR) vulnerability for permanent access to PKI private keys, resulting in AWS IAM compromise and persistent certificate access.
A critical vulnerability chain impacting Netflix's Lemur certificate management service, specifically version 1.9.0 and earlier releases, allows any SSO-authenticated user to achieve AWS IAM compromise and permanent PKI key access. The attack leverages three distinct weaknesses: automatic provisioning of new SSO identities as active=True without admin approval (affecting lemur/lemur/auth/views.py:300-308), an unauthenticated Server-Side Request Forgery (SSRF) in the ACME authority creation endpoint allowing acme_url to target the EC2 IMDS (lemur/lemur/plugins/lemur_acme/acme_handlers.py:161-201), and a creator-equality Insecure Direct Object Reference (IDOR) that grants the original certificate creator unconditional access to its private key, even after ownership transfer (lemur/lemur/certificates/views.py:734). This combination enables an attacker to exfiltrate AWS STS credentials of the Lemur worker role and maintain permanent access to any TLS private key they originally issued, circumventing standard remediation efforts.
Attack Chain
- SSO Auto-Provisioning (Initial Access): An attacker authenticates via corporate SSO, which Lemur automatically provisions as an active user (
active=True,auto_provisioned=true) without administrative approval or role restrictions. - ACME Authority Creation with SSRF (Credential Access): The attacker, now an authenticated Lemur user, creates a new ACME authority, providing a malicious
acme_urlpointing tohttp://169.254.169.254/latest/meta-data/iam/security-credentials/lemur-acme-role. - IMDS Credential Exfiltration (Exfiltration): The Lemur worker process makes a server-side request to the IMDS endpoint as specified in
acme_url, retrieves AWS STS credentials (AccessKeyId, SecretAccessKey, Token), and returns them in the API response to the attacker via thessrf_response_bodyfield. - Issue Certificate: The attacker uses their newly acquired STS credentials (or their existing Lemur session) to issue a new certificate via Lemur, ensuring they are the original
creator_idof the certificate. - Ownership Transfer (Defense Evasion): To obfuscate their activity, the attacker transfers ownership of the newly issued certificate to a legitimate victim administrator's email (
owner:"victim-admin@netflix.example"). - Persistent Private Key Access (Persistence): Despite the ownership transfer, the attacker, as the original
creator_id, can still re-fetch the certificate's private key via the/api/1/certificates/{id}/keyendpoint, due to the creator-equality IDOR vulnerability, granting them permanent access.
Impact
Successful exploitation of this vulnerability chain leads to severe consequences. Attackers gain access to the AWS STS credentials of the Lemur worker role, potentially allowing them to compromise various AWS resources and services that the Lemur role has permissions to manage. Furthermore, the attacker achieves permanent access to any TLS private keys they issue through Lemur, regardless of subsequent ownership changes or auditing attempts. This undermines the integrity of the organization's Public Key Infrastructure (PKI), enabling decryption of sensitive communications, impersonation of services, or unauthorized signing. The persistent nature of the private key access means that even typical incident response actions like transferring certificate ownership will not revoke the attacker's access.
Recommendation
- Patch Lemur immediately: Upgrade
github.com/Netflix/lemurto a version higher than 1.9.0 that contains fixes for these vulnerabilities. If a patch is not available, apply vendor-provided mitigations for CVE-918, CVE-639, and CVE-285. - Review and Harden SSO Integration: Configure Lemur's SSO integration to require administrative approval for new user accounts or implement allowlists for email domains, as highlighted by the
SSO auto-provisionvulnerability. - Deploy Sigma Rule for SSRF: Implement the
Detect Lemur ACME SSRF to IMDSSigma rule to detect attempts to configure ACME authorities with IMDS endpoints or other RFC1918 addresses. - Deploy Sigma Rule for Private Key Exfiltration: Implement the
Detect Lemur Certificate Private Key ExfiltrationSigma rule to identify suspicious retrieval of certificate private keys by original creators after ownership transfer. - Monitor Lemur API Logs: Actively monitor API calls to
/api/1/authoritiesforacme_urlvalues pointing to internal IP addresses (e.g.,169.254.169.254) or unexpected external hosts, and API calls to/api/1/certificates/{id}/keyfrom users who are not the currentowner.
Detection coverage 2
Detect Lemur ACME SSRF to IMDS
highDetects attempts to create an ACME authority in Lemur with an acme_url pointing to the AWS EC2 Instance Metadata Service (IMDS) IP address, indicating an SSRF attempt to exfiltrate AWS STS credentials.
Detect Lemur Certificate Private Key Exfiltration After Ownership Transfer
highDetects an Insecure Direct Object Reference (IDOR) attempt where an original certificate creator attempts to fetch a private key after the certificate's ownership has been transferred, indicating persistent unauthorized access.
Detection queries are available on the platform. Get full rules →
Indicators of compromise
2
1
ip
2
url
| Type | Value |
|---|---|
| ip | 169.254.169.254 |
| url | http://169.254.169.254/latest/meta-data/iam/security-credentials/lemur-acme-role |
| attacker@evil.example | |
| victim-admin@netflix.example | |
| url | https://asciinema.org/a/CFYaoR2fxWEIdZDf |