Is GetJobDetails considered a possible privelege escalation as well?

[vo55]

Hey there,

the codepipeline action "GetJobDetails" may return temporary s3 credentials which allow access to artifacts. Therefore, with the GetJobDetails action permission you can grab temporary credentials and access artifacts.

From the documentation:
"Important

When this API is called, AWS CodePipeline returns temporary credentials for the Amazon S3 bucket used to store artifacts for the pipeline, if the action requires access to that Amazon S3 bucket for input or output artifacts. This API also returns any secret values defined for the action."

https://docs.aws.amazon.com/codepipeline/latest/APIReference/API_GetJobDetails.html

Thanks in advance,
Philip

[miglen]

No, by definition privilege escalation is when a user may gain elevated access to resources that are normally protected. You may see that most examples in the repository are focused on IAM privilege escalation. You already have access to view some of the pipeline artifacts already.