AWS - Elastic Beanstalk Unauthenticated Enum
Elastic Beanstalk
For more information check:
pageAWS - Elastic Beanstalk EnumWeb vulnerability
Note that by default Beanstalk environments have the Metadatav1 disabled.
The format of the Beanstalk web pages is https://<webapp-name>-env.<region>.elasticbeanstalk.com/
Insecure Security Group Rules
Misconfigured security group rules can expose Elastic Beanstalk instances to the public. Overly permissive ingress rules, such as allowing traffic from any IP address (0.0.0.0/0) on sensitive ports, can enable attackers to access the instance.
Publicly Accessible Load Balancer
If an Elastic Beanstalk environment uses a load balancer and the load balancer is configured to be publicly accessible, attackers can send requests directly to the load balancer. While this might not be an issue for web applications intended to be publicly accessible, it could be a problem for private applications or environments.
Publicly Accessible S3 Buckets
Elastic Beanstalk applications are often stored in S3 buckets before deployment. If the S3 bucket containing the application is publicly accessible, an attacker could download the application code and search for vulnerabilities or sensitive information.
Enumerate Public Environments
Last updated