CodeBreach enables takeover of AWS GitHub repositories

Wiz discovered a critical vulnerability in AWS CodeBuild that allowed attackers to access core AWS repositories, including the widely used JavaScript SDK. The flaw, dubbed CodeBreach, enabled stealing GitHub credentials via a regular expression filter and gaining complete control over repositories.

The discovery stemmed from research into a previous supply chain attack on the Amazon Q VS Code extension. Wiz then investigated the AWS CodeBuild configurations of public repositories. They found four active AWS projects with webhook filters that triggered builds on pull requests: the AWS SDK for JavaScript, AWS Libcrypto, Amazon Corretto Crypto Provider, and the Registry of Open Data on AWS.

At first glance, everything seemed secure. All four projects used an ACTOR_ID filter to restrict builds to approved maintainers. But the researchers noticed that the GitHub user IDs were separated by a pipe character (|), which means “OR” in regex. That detail proved crucial.

Two missing characters with a big impact

The problem was the absence of two simple characters: the start (^) and end ($) anchors in the regex pattern. Without these anchors, a regex engine does not search for an exact match, but for a string that contains the pattern. Any GitHub user ID that was a superstring of an approved ID could therefore bypass the filter.
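To make the anchoring point concrete, here is an added Python example (not code from Wiz or AWS, and not CodeBuild's own matcher) that evaluates an ACTOR_ID-style filter the way an unanchored regex search would, shows why a longer ID that merely contains an approved ID passes, and applies the fix. All user IDs and project names in it are constructed, and it assumes the filter is evaluated as a substring search of the pattern against the actor ID. It also covers a pitfall beyond the article's text: anchoring the raw alternation as `^a|b$` anchors only the first and last alternative, so the alternatives must be grouped first.

```python
import re

# Constructed sample values (not the real IDs from the Wiz report).
MAINTAINER_IDS = ["123456", "234567"]
# A newer, longer ID that happens to contain "123456" as a substring.
ECLIPSING_ID = "812345670"
# An unrelated ID for the negative case.
OTHER_ID = "987654321"

# Same shape as the vulnerable filter: approved IDs joined with '|', no anchors.
UNANCHORED_FILTER = "|".join(MAINTAINER_IDS)


def actor_allowed(filter_pattern: str, actor_id: str) -> bool:
    """Return True if the webhook filter would admit this actor ID.

    Assumption: the filter is evaluated as a regex search anywhere in the
    actor ID (substring semantics), which is what an unanchored pattern gives.
    """
    return re.search(filter_pattern, actor_id) is not None


def anchor_filter(filter_pattern: str) -> str:
    """Wrap the pattern so it must match the whole actor ID.

    The alternatives are grouped first: '^123456|234567$' would anchor only
    the first and last alternative, so '^(?:123456|234567)$' is the real fix.
    """
    return f"^(?:{filter_pattern})$"


def filter_is_anchored(filter_pattern: str) -> bool:
    """Lint check: the whole pattern, or each alternative, must be anchored at both ends.

    Accepts '^(...)$' / '^(?:...)$' around a simple alternation, or a pattern
    whose every '|'-separated alternative carries its own '^' and '$'.
    """
    if re.fullmatch(r"\^\((?:\?:)?[^()]*\)\$", filter_pattern):
        return True
    return all(alt.startswith("^") and alt.endswith("$")
               for alt in filter_pattern.split("|"))


def audit_filters(filters: dict) -> list:
    """Return the names of projects whose ACTOR_ID pattern is unanchored."""
    return [name for name, pattern in filters.items()
            if not filter_is_anchored(pattern)]


if __name__ == "__main__":
    # Constructed project names; the patterns are the ones defined above.
    projects = {
        "project-a": UNANCHORED_FILTER,
        "project-b": anchor_filter(UNANCHORED_FILTER),
    }
    for name, pattern in projects.items():
        print(name, repr(pattern),
              "eclipsing id admitted:", actor_allowed(pattern, ECLIPSING_ID))
    print("unanchored filters:", audit_filters(projects))
```

Running it shows the unanchored filter admitting the eclipsing ID while the grouped, anchored version rejects it, and `audit_filters` is the kind of one-line check an organization can run over its own webhook filter groups.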

GitHub assigns sequential numeric IDs to users. Accounts from 2008 have 5-digit IDs, while recent accounts have 9-digit IDs. Because GitHub creates around 200,000 new IDs every day, roughly every five days a newly issued, longer ID contains a given existing 6-digit maintainer ID as a substring. Wiz called this an “eclipse,” the moment when a new ID perfectly “overshadows” a familiar ID.

Winning the race to a target ID

To claim a specific ID as soon as it became available, Wiz had to create many GitHub accounts at once. The standard sign-up flow was protected with reCAPTCHA, so that didn’t work. The breakthrough came via GitHub Apps. By creating apps via the manifest flow, they generated bot users that could open pull requests.

Wiz prepared 200 app creation requests and collected the confirmation URLs. They used the GitHub Enterprise API to create organizations as an ID sampling tool to see how close they were to the target ID. At the exact moment, they visited all 200 URLs at once, triggering a wave of new bot registrations. They managed to obtain user ID 226755743, which contained a trusted maintainer ID for the aws/aws-sdk-js-v3 repository.

From bypass to admin access

With their bot user able to bypass the ACTOR_ID filter, the researchers made a pull request for the aws/aws-sdk-js-v3 repository. They added a legitimate bug fix, but hid a payload in it: an NPM package dependency that would run in the build environment and extract GitHub credentials. The build was triggered, and within moments they had the credentials for the aws-sdk-js-v3 CodeBuild project.

The credentials obtained were a GitHub Classic Personal Access Token belonging to the aws-sdk-js-automation user. This user had full admin rights over the repository. By exploiting the repo scope of the token, which can manage collaborators, they invited their own GitHub account as a repository administrator. This allowed them to push code to the main branch, approve pull requests, and exfiltrate repository secrets.

Huge blast radius for AWS Console

This level of control provided a clear path for supply chain attacks. The JavaScript SDK is released weekly on GitHub and NPM. Attackers could have injected malicious payloads just before a release. According to Wiz’s analysis, as many as 66 percent of cloud environments contain the JavaScript SDK—two out of three environments run an instance with the SDK installed.

Even more critically, the AWS Console itself uses the SDK and bundles recent versions. Any compromise in the JavaScript SDK could have had an immediate impact on every AWS account worldwide.

The same ACTOR_ID filter issue was present in at least three other AWS GitHub repositories. Attackers could have exploited these to obtain the GitHub credentials of three additional accounts, including a personal GitHub account belonging to an AWS employee.

Wiz reported the findings to AWS on August 25, 2025. AWS and Wiz met to discuss the findings. On August 27, 2025, AWS anchored the vulnerable actor ID filters and revoked the personal access token of aws-sdk-js-automation. In September, AWS implemented additional hardening to prevent non-privileged builds from accessing credentials via memory dumping.

AWS conducted a full audit of all public build environments and CloudTrail logs. They confirmed that no other party had exploited the unanchored regex vulnerability. AWS also implemented a new Pull Request Comment Approval build gate within CodeBuild, which provides organizations with a simple and secure way to prevent untrusted builds.
