Task definition defines sensitive environment variable(s).
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | ecs |
| Provider | AWS |
| Vulnerability Type | omission |
Description
Sensitive values such as passwords, API keys, or tokens are stored as plaintext `environment` entries in an ECS task definition. A task definition is not a secret store: every revision is retained, and the values are returned verbatim to anyone who can call `ecs:DescribeTaskDefinition` (for example through the AWS Management Console or the CLI), as well as to anyone who can read the infrastructure-as-code that declares the task. The values are also inherited by the container process, so they can leak through crash dumps, debug endpoints, or log output that prints the environment.
Impact
An attacker or unauthorized user who can read the task definition (or the container's environment) obtains the credentials directly and can use them to reach the databases, APIs, or other systems they protect. The likely outcomes are data exfiltration, service disruption, and compromise of further cloud resources. Because task definition revisions are immutable, a committed value stays readable in that revision until the credential itself is rotated.
Resolution
Move each sensitive value out of `environment` and into the container definition's `secrets` list, where `valueFrom` references an AWS Secrets Manager secret or an SSM Parameter Store parameter (use a SecureString parameter for confidential data). The ECS agent resolves the reference when the task starts and injects it as an environment variable of the same name, so application code does not change. The task execution role must be allowed to read the referenced values (`secretsmanager:GetSecretValue` or `ssm:GetParameters`, plus `kms:Decrypt` when a customer managed key encrypts them). Rotate any credential that was previously committed in plaintext: it remains readable in the earlier task definition revision and in version control history.
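The following is an added example, not code from the original page or from the scanner that implements this rule. It embeds two constructed container definitions, one with plaintext credentials in `environment` and one that moves them to `secrets`, and runs a small checker over them. The name-based matcher, the placeholder image, account ID and ARNs, and the decision to require full Secrets Manager or SSM ARNs in `valueFrom` are all assumptions of this example (ECS also accepts a bare parameter name for same-region SSM parameters; the stricter check is a policy choice here).

```python
"""Added example: flag plaintext credentials in ECS container definitions
and show the `secrets` form that fixes them. Not the scanner's own logic."""
import re
from typing import Any

# Heuristic: names that usually carry credentials. This pattern is an
# assumption of the example, not the rule's real matcher.
SENSITIVE_NAME = re.compile(
    r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_KEY|ACCESS_KEY)",
    re.IGNORECASE,
)

# Constructed, vulnerable container definition: the DB password and an API
# key are literal strings under `environment`. Values are placeholders.
VULNERABLE_CONTAINER: dict[str, Any] = {
    "name": "api",
    "image": "example/api:1.0",
    "environment": [
        {"name": "DB_HOST", "value": "db.internal"},
        {"name": "DB_PASSWORD", "value": "hunter2"},
        {"name": "STRIPE_API_KEY", "value": "sk_test_placeholder"},
    ],
}

# Constructed, fixed definition: non-sensitive settings stay in `environment`;
# credentials move to `secrets`, which the ECS agent resolves at task start
# using the task execution role. Account ID and ARNs are placeholders.
FIXED_CONTAINER: dict[str, Any] = {
    "name": "api",
    "image": "example/api:1.0",
    "environment": [
        {"name": "DB_HOST", "value": "db.internal"},
    ],
    "secrets": [
        {
            "name": "DB_PASSWORD",
            "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db-password-AbCdEf",
        },
        {
            "name": "STRIPE_API_KEY",
            "valueFrom": "arn:aws:ssm:us-east-1:123456789012:parameter/prod/stripe-api-key",
        },
    ],
}

ALLOWED_REF_PREFIXES = ("arn:aws:secretsmanager:", "arn:aws:ssm:")


def plaintext_secrets(container: dict[str, Any]) -> list[str]:
    """Names of `environment` entries that look like credentials and carry a
    literal `value`. Only `environment` is inspected: `secrets` entries hold
    references, not values, so credential-like names are expected there."""
    return [
        entry.get("name", "")
        for entry in container.get("environment", [])
        if SENSITIVE_NAME.search(entry.get("name", "")) and "value" in entry
    ]


def invalid_secret_references(container: dict[str, Any]) -> list[str]:
    """Names of `secrets` entries whose `valueFrom` is not a Secrets Manager
    or SSM Parameter Store ARN (example policy: require the full ARN so the
    reference is unambiguous across accounts and regions)."""
    return [
        entry.get("name", "<unnamed>")
        for entry in container.get("secrets", [])
        if not entry.get("valueFrom", "").startswith(ALLOWED_REF_PREFIXES)
    ]


def check_task_definition(task_def: dict[str, Any]) -> dict[str, list[str]]:
    """Run both checks over every container in a task definition and return
    findings keyed by container name (empty dict means the task is clean)."""
    findings: dict[str, list[str]] = {}
    for container in task_def.get("containerDefinitions", []):
        issues = [f"plaintext env var {n}" for n in plaintext_secrets(container)]
        issues += [f"non-ARN secret reference {n}" for n in invalid_secret_references(container)]
        if issues:
            findings[container.get("name", "<unnamed>")] = issues
    return findings


if __name__ == "__main__":
    for label, c in (("vulnerable", VULNERABLE_CONTAINER), ("fixed", FIXED_CONTAINER)):
        print(label, check_task_definition({"containerDefinitions": [c]}))
```

Running the block reports `DB_PASSWORD` and `STRIPE_API_KEY` for the vulnerable definition and nothing for the fixed one. Note that the fixed definition only launches if the task execution role can read both references; the IAM policy is outside this example.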