Always a fun day when endpoints hand out free shells and cloud "security features" double as recon tools.
๐ Free Root via Langflow
Langflow just gifted the internet a trivial RCE. They left `/api/v1/build_public_tmp` unauthenticated for "public flows." Feed it a custom payload with Python nodes, and the backend shoves your string straight into an unsandboxed `exec()`. One POST gets you a root shell and every env var.
- Tradeoff: You can't just slap auth on an endpoint designed to blindly run user code.
- Telemetry: Hunt ingress logs for POSTs to `/api/v1/build_public_tmp` containing `import os`.
- Action: Block this path at your WAF. Details in the GitHub advisory.
๐ชฃ AWS Kills Bucket Obscurity
AWS finally fixed S3 domain-squatting with a new account-regional namespace (`bucketname-accountID-region-an`). The catch? They just handed attackers a map to your shadow data.
Since account IDs are effectively public, attackers grab a legacy public bucket, rip the region from HTTP headers, brute-force your ID, and mass-enumerate private buckets. A 403 instead of a 404 confirms the bucket exists and is uniquely yours.
- Tradeoff: Squatting is dead, but hiding internal bucket names is now impossible.
- Telemetry: Watch CloudTrail for `403 Access Denied` spikes hitting dictionary bucket names.
- Action: Map your exposure with Bucky before attackers do. Full chain in this PwnedLabs writeup.