(@hulumi/policies), Stack-wide evidence bypass, GHSA-59f3-7227-wmh4 (High)

Listen to this Post

The vulnerability stems from how @hulumi/policies versions prior to 1.3.2 processed evidence for Cloudflare and deployment-governance guardrails. The system used stack-wide evidence shortcuts, meaning evidence was associated with an entire stack (e.g., a collection of zones, hostnames, or repositories) rather than being bound to a specific resource. An attacker could present seemingly valid, compliant evidence—such as a correctly formatted HTTP header or a seemingly legitimate IAM policy—that was actually generated for a different resource within the same stack. This unrelated but compliant-looking evidence was sufficient to suppress a violation. For example, evidence proving compliance for `zone-a.example.com` could inadvertently satisfy a guardrail intended to protect zone-b.example.com. This allowed policy enforcement to be bypassed entirely, as the validators failed to confirm that the evidence correlated to the specific resource under review. The issue affected multiple validators, including those for Cloudflare zones and governance rules. The bypass was possible because the system did not perform a lineage or ownership check, effectively poisoning the policy stack with foreign evidence. The fix in version 1.3.2 introduces strict evidence-to-resource correlation and adds regression tests to catch such cross-resource spoofing.
Platform: npm package
Version: <1.3.2
Vulnerability: Stack-wide bypass
Severity: High
date: 2026-05-21

Prediction: Patch 2026-05-15

Analytics under What Undercode Say:

To detect if your deployment is affected, audit your policies for evidence mismatches using `jq` and grep. The following command identifies guardrail logs where evidence’s `resource_id` does not match the `target_resource` field—a key indicator of this bypass:

Detect cross-resource evidence mismatches
grep "guardrail" /var/log/policies.log | jq 'select(.evidence.resource_id != .target_resource) | {timestamp, resource_id, target_resource}'

Exploit:

A malicious actor could exploit this by submitting evidence for a benign resource to satisfy a guardrail for a protected target. Below is a conceptual exploit simulation:

!/bin/bash
Simulate crafting stack-wide evidence to bypass Cloudflare guardrail
TARGET_ZONE="victim-zone.example.com"
DUMMY_ZONE="innocent-zone.example.com"
1. Gather a valid-looking evidence from a different zone
curl -s "https://api.cloudflare.com/client/v4/zones/$DUMMY_ZONE/evidence" \
-H "Authorization: Bearer $TOKEN" | jq '.result' > /tmp/valid_evidence.json
2. Associate this evidence with the target zone (bypassing correlation)
aws guardrails submit-evidence \
--resource-id "$TARGET_ZONE" \
--evidence-file file:///tmp/valid_evidence.json
3. The stack-wide short-circuit allows the unrelated evidence to suppress violation

Protection from this CVE:

Immediately upgrade the package to version 1.3.2 or higher:

npm install @hulumi/[email protected]

As an intermediate control, enforce granular evidence correlation using a custom policy engine:

Custom OPA policy to enforce evidence-to-resource binding
allow {
input.evidence.source_id == input.target.resource_id
input.evidence.type == "cloudflare"
input.target.type == "zone"
}

Impact:

  • Configuration Drift: Unauthorized changes to Cloudflare zones or deployment pipelines could go unnoticed, leading to configuration drift and security blind spots.
  • Privilege Escalation: Attackers could deploy unsafe configurations (e.g., overly permissive IAM roles or unsafe storage buckets) by masquerading compliant evidence from another part of the stack.
  • Compliance Failure: Organizations relying on these guardrails for SOC2, PCI-DSS, or FedRAMP compliance would have had invalid certifications, as the evidence for compliance could be falsified via the stack-wide shortcut.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top