{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/github.com/netflix/lemur--1.9.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["github.com/Netflix/lemur \u003c= 1.9.0","AWS IAM","AWS STS"],"_cs_severities":["critical"],"_cs_tags":["ssrf","idor","aws","iam","pki","credential-access","exfiltration","webserver"],"_cs_type":"advisory","_cs_vendors":["Netflix","Amazon"],"content_html":"\u003cp\u003eA critical vulnerability chain impacting Netflix's Lemur certificate management service, specifically version 1.9.0 and earlier releases, allows any SSO-authenticated user to achieve AWS IAM compromise and permanent PKI key access. The attack leverages three distinct weaknesses: automatic provisioning of new SSO identities as \u003ccode\u003eactive=True\u003c/code\u003e without admin approval (affecting \u003ccode\u003elemur/lemur/auth/views.py:300-308\u003c/code\u003e), an unauthenticated Server-Side Request Forgery (SSRF) in the ACME authority creation endpoint allowing \u003ccode\u003eacme_url\u003c/code\u003e to target the EC2 IMDS (\u003ccode\u003elemur/lemur/plugins/lemur_acme/acme_handlers.py:161-201\u003c/code\u003e), and a creator-equality Insecure Direct Object Reference (IDOR) that grants the original certificate creator unconditional access to its private key, even after ownership transfer (\u003ccode\u003elemur/lemur/certificates/views.py:734\u003c/code\u003e). This combination enables an attacker to exfiltrate AWS STS credentials of the Lemur worker role and maintain permanent access to any TLS private key they originally issued, circumventing standard remediation efforts.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eSSO Auto-Provisioning (Initial Access)\u003c/strong\u003e: An attacker authenticates via corporate SSO, which Lemur automatically provisions as an active user (\u003ccode\u003eactive=True\u003c/code\u003e, \u003ccode\u003eauto_provisioned=true\u003c/code\u003e) without administrative approval or role restrictions.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eACME Authority Creation with SSRF (Credential Access)\u003c/strong\u003e: The attacker, now an authenticated Lemur user, creates a new ACME authority, providing a malicious \u003ccode\u003eacme_url\u003c/code\u003e pointing to \u003ccode\u003ehttp://169.254.169.254/latest/meta-data/iam/security-credentials/lemur-acme-role\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIMDS Credential Exfiltration (Exfiltration)\u003c/strong\u003e: The Lemur worker process makes a server-side request to the IMDS endpoint as specified in \u003ccode\u003eacme_url\u003c/code\u003e, retrieves AWS STS credentials (AccessKeyId, SecretAccessKey, Token), and returns them in the API response to the attacker via the \u003ccode\u003essrf_response_body\u003c/code\u003e field.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIssue Certificate\u003c/strong\u003e: The attacker uses their newly acquired STS credentials (or their existing Lemur session) to issue a new certificate via Lemur, ensuring they are the original \u003ccode\u003ecreator_id\u003c/code\u003e of the certificate.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOwnership Transfer (Defense Evasion)\u003c/strong\u003e: To obfuscate their activity, the attacker transfers ownership of the newly issued certificate to a legitimate victim administrator's email (\u003ccode\u003eowner:\u0026quot;victim-admin@netflix.example\u0026quot;\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePersistent Private Key Access (Persistence)\u003c/strong\u003e: Despite the ownership transfer, the attacker, as the original \u003ccode\u003ecreator_id\u003c/code\u003e, can still re-fetch the certificate's private key via the \u003ccode\u003e/api/1/certificates/{id}/key\u003c/code\u003e endpoint, due to the creator-equality IDOR vulnerability, granting them permanent access.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability chain leads to severe consequences. Attackers gain access to the AWS STS credentials of the Lemur worker role, potentially allowing them to compromise various AWS resources and services that the Lemur role has permissions to manage. Furthermore, the attacker achieves permanent access to any TLS private keys they issue through Lemur, regardless of subsequent ownership changes or auditing attempts. This undermines the integrity of the organization's Public Key Infrastructure (PKI), enabling decryption of sensitive communications, impersonation of services, or unauthorized signing. The persistent nature of the private key access means that even typical incident response actions like transferring certificate ownership will not revoke the attacker's access.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePatch Lemur immediately\u003c/strong\u003e: Upgrade \u003ccode\u003egithub.com/Netflix/lemur\u003c/code\u003e to a version higher than 1.9.0 that contains fixes for these vulnerabilities. If a patch is not available, apply vendor-provided mitigations for CVE-918, CVE-639, and CVE-285.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReview and Harden SSO Integration\u003c/strong\u003e: Configure Lemur's SSO integration to require administrative approval for new user accounts or implement allowlists for email domains, as highlighted by the \u003ccode\u003eSSO auto-provision\u003c/code\u003e vulnerability.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeploy Sigma Rule for SSRF\u003c/strong\u003e: Implement the \u003ccode\u003eDetect Lemur ACME SSRF to IMDS\u003c/code\u003e Sigma rule to detect attempts to configure ACME authorities with IMDS endpoints or other RFC1918 addresses.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeploy Sigma Rule for Private Key Exfiltration\u003c/strong\u003e: Implement the \u003ccode\u003eDetect Lemur Certificate Private Key Exfiltration\u003c/code\u003e Sigma rule to identify suspicious retrieval of certificate private keys by original creators after ownership transfer.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMonitor Lemur API Logs\u003c/strong\u003e: Actively monitor API calls to \u003ccode\u003e/api/1/authorities\u003c/code\u003e for \u003ccode\u003eacme_url\u003c/code\u003e values pointing to internal IP addresses (e.g., \u003ccode\u003e169.254.169.254\u003c/code\u003e) or unexpected external hosts, and API calls to \u003ccode\u003e/api/1/certificates/{id}/key\u003c/code\u003e from users who are not the current \u003ccode\u003eowner\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T10:43:57Z","date_published":"2026-07-03T10:43:57Z","id":"https://feed.craftedsignal.io/briefs/2026-07-lemur-ssrf-idor-aws-iam/","summary":"A low-privilege user with a freshly-provisioned SSO account in Netflix's Lemur certificate management service (versions \u003c= 1.9.0) can exploit a Server-Side Request Forgery (SSRF) vulnerability in the ACME authority creation endpoint to reach the AWS EC2 Instance Metadata Service (IMDS), exfiltrating AWS STS credentials, and leveraging a creator-equality Insecure Direct Object Reference (IDOR) vulnerability for permanent access to PKI private keys, resulting in AWS IAM compromise and persistent certificate access.","title":"Lemur 1.9.0 Server-Side Request Forgery and IDOR Lead to AWS IAM Compromise","url":"https://feed.craftedsignal.io/briefs/2026-07-lemur-ssrf-idor-aws-iam/"}],"language":"en","title":"CraftedSignal Threat Feed - Github.com/Netflix/Lemur \u003c= 1.9.0","version":"https://jsonfeed.org/version/1.1"}