TF 0192 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Task definition defines sensitive environment variable(s).
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | ecs |
| Provider | AWS |
| Vulnerability Type | omission |
Description
Sensitive information such as passwords, API keys, or other secrets is stored as plaintext environment variables (the `environment` list of a container definition) in an ECS task definition. The values then become part of the task definition itself, so anyone who can describe the task definition in the AWS Management Console or API, or who can read the infrastructure code or Terraform state that produced it, can read the secrets directly.
Impact
An attacker with read access to the task definition, or an unauthorized user with access to the repository or state file, can recover the credentials from the environment variables and use them against the databases, APIs, or other systems they protect. This can result in data breaches, service disruption, and compromise of further cloud resources.
Resolution
Move each sensitive value out of `environment` and into the container definition's `secrets` list, where each entry names the variable and uses `valueFrom` to reference an AWS Secrets Manager secret ARN or an SSM Parameter Store parameter. ECS resolves the reference and injects the value when the task starts, so the task definition (and the Terraform code and state that produce it) holds only the ARN. The task execution role must be allowed to read the referenced secret (`secretsmanager:GetSecretValue`, plus `kms:Decrypt` when a customer-managed key encrypts it) or parameter (`ssm:GetParameters`).
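As an added example (not code from this wiki or from the Symbiotic database), the following Python shows the "before" and "after" container definitions that the Description and Resolution refer to, together with a small check that flags sensitive-looking variables set as literal `environment` values and confirms that `secrets` entries are `valueFrom` references. The sample definitions, account ID, ARNs, and the name pattern used to decide what counts as sensitive are constructed assumptions for illustration; the real rule's heuristic is not given on this page.

```python
"""Check ECS container definitions for secrets passed as plaintext env vars."""
import re

# Names that usually carry credentials. This pattern is an assumption made for
# this example; the actual rule's heuristic is not documented on the page.
SENSITIVE_NAME = re.compile(
    r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL)", re.IGNORECASE
)

# Only these ARN prefixes are valid targets for an ECS 'secrets' valueFrom.
RUNTIME_SECRET_ARN = re.compile(r"^arn:aws:(secretsmanager|ssm):")


def find_plaintext_secrets(container_definitions):
    """Return (container name, variable name) pairs for every sensitive-looking
    variable that is set as a literal value in the 'environment' list."""
    findings = []
    for cdef in container_definitions:
        for var in cdef.get("environment", []):
            name = var.get("name", "")
            if SENSITIVE_NAME.search(name):
                findings.append((cdef["name"], name))
    return findings


def secrets_resolved_at_runtime(container_definitions):
    """True when every 'secrets' entry references a Secrets Manager secret or an
    SSM parameter via valueFrom, i.e. the task definition holds no literal."""
    for cdef in container_definitions:
        for secret in cdef.get("secrets", []):
            if not RUNTIME_SECRET_ARN.match(secret.get("valueFrom", "")):
                return False
    return True


# Constructed sample: the 'before' state the Description warns about.
VULNERABLE = [
    {
        "name": "api",
        "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/api:1.0",
        "environment": [
            {"name": "DB_HOST", "value": "db.internal"},
            {"name": "DB_PASSWORD", "value": "hunter2"},
            {"name": "STRIPE_API_KEY", "value": "sk_live_EXAMPLE"},
        ],
    }
]

# Constructed sample: the corrected state. Non-sensitive settings stay in
# 'environment'; credentials move to 'secrets' and are fetched at task start.
FIXED = [
    {
        "name": "api",
        "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/api:1.0",
        "environment": [{"name": "DB_HOST", "value": "db.internal"}],
        "secrets": [
            {
                "name": "DB_PASSWORD",
                "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db-AbCdEf",
            },
            {
                "name": "STRIPE_API_KEY",
                "valueFrom": "arn:aws:ssm:us-east-1:123456789012:parameter/prod/stripe_api_key",
            },
        ],
    }
]

if __name__ == "__main__":
    print(find_plaintext_secrets(VULNERABLE))  # [('api', 'DB_PASSWORD'), ('api', 'STRIPE_API_KEY')]
    print(find_plaintext_secrets(FIXED))       # []
    print(secrets_resolved_at_runtime(FIXED))  # True
```

The container definition JSON is the same whether it is sent to the ECS API directly or passed to Terraform's `aws_ecs_task_definition` through `container_definitions` (usually via `jsonencode()`), so the `environment` to `secrets` move shown above is exactly the change the Resolution asks for. The task execution role still needs permission to read the referenced secret or parameter, which the check above does not verify.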