CISA Contractor Publicly Leaks AWS GovCloud Credentials on GitHub
What Happened – A contractor working for the Cybersecurity and Infrastructure Security Agency (CISA) inadvertently published a public GitHub repository that contained AWS GovCloud access keys, internal configuration files, and plaintext passwords. The repository was discovered by security researchers and reported to CISA for immediate remediation.
Why It Matters for TPRM –
- Exposure of privileged cloud credentials can enable unauthorized access to sensitive government workloads.
- Highlights the risk of third‑party personnel mishandling credential hygiene, a common supply‑chain weakness.
- Demonstrates the need for continuous monitoring of vendor code repositories and strict secret‑management policies.
Who Is Affected – Federal government agencies (GOV_PUBLIC), cloud service providers (AWS GovCloud), and any downstream contractors that rely on the compromised environment.
Recommended Actions –
- Conduct an urgent review of all third‑party access to your cloud environments and enforce least‑privilege principles.
- Verify that all contractors follow secure coding practices, including secret scanning of public repositories.
- Rotate any exposed keys, passwords, and certificates; audit logs for suspicious activity.
Technical Notes – The leak resulted from a misconfigured GitHub repository (MISCONFIGURATION) that exposed AWS GovCloud access keys (IAM credentials) and internal configuration files. No specific CVE is associated, but the incident underscores the importance of secret‑scanning tools (e.g., GitGuardian, TruffleHog). Source: TechRepublic Security