SYM_CONF_0041 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Execution with Unnecessary Privileges
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-250: Execution with Unnecessary Privileges |
| OWASP | A06:2017 - Security Misconfiguration |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | High |
Description
The IAM policy grants sts:AssumeRole on a specific AWS role to the wildcard principal '*'. Any AWS principal, not only the users or accounts you intend to trust, can therefore assume that role.
Impact
An attacker who knows your AWS account ID and the role name could assume the role, gain access to sensitive resources, or perform actions as that role, potentially leading to data breaches, privilege escalation, or unauthorized changes in your AWS environment.
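As an added example (not part of this database entry or any vendor tool), the following Python check flags role trust policy statements that allow sts:AssumeRole to a wildcard principal, and places the open policy beside its corrected form. It also covers the `{"AWS": "*"}` spelling of the wildcard and deliberately skips statements that carry a Condition block, since a wildcard principal narrowed by a condition such as aws:PrincipalOrgID is a different, narrower grant. Both policy documents, the Sids, and the account ID 111122223333 are constructed samples.

```python
import json

def _as_list(v):
    # IAM allows most policy fields to be either a scalar or a list
    return v if isinstance(v, list) else [v]

def _principal_is_wildcard(principal):
    # Principal may be the bare string "*" or {"AWS": "*"} / {"AWS": ["*", ...]}
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def _grants_assume_role(actions):
    # "*" and "sts:*" both include sts:AssumeRole; action names are case-insensitive
    return any(a.lower() in ("*", "sts:*", "sts:assumerole") for a in _as_list(actions))

def find_open_assume_role(trust_policy):
    """Return the Sid (or index label) of every statement that allows
    sts:AssumeRole to Principal '*' with no Condition block."""
    findings = []
    for idx, stmt in enumerate(_as_list(trust_policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _grants_assume_role(stmt.get("Action", [])):
            continue
        if not _principal_is_wildcard(stmt.get("Principal", {})):
            continue
        if stmt.get("Condition"):
            # wildcard plus a Condition is a narrower grant; review it separately
            continue
        findings.append(stmt.get("Sid", f"Statement[{idx}]"))
    return findings

# Constructed sample: the misconfiguration described on this page
OPEN_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "AnyoneCanAssume", "Effect": "Allow",
                 "Principal": "*", "Action": "sts:AssumeRole"}]
}""")

# Constructed sample: the corrected form, trusting one named account only
FIXED_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "TrustedAccountOnly", "Effect": "Allow",
                 "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
                 "Action": "sts:AssumeRole"}]
}""")
```

`find_open_assume_role(OPEN_TRUST_POLICY)` returns `['AnyoneCanAssume']`, while the corrected policy returns an empty list.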