SYM_CONF_0130 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Exposure of Sensitive Information to an Unauthorized Actor
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The IAM policy allows actions whose API responses can expose sensitive credentials, such as access keys or passwords. This increases the risk of accidentally leaking credentials to unauthorized users or external systems.
Impact
If exploited, attackers could obtain valid AWS credentials or sensitive tokens, allowing them to access, modify, or control cloud resources. This may result in data breaches, resource compromise, or unauthorized access to critical infrastructure.
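One way to audit a policy document for the condition in the Description, as an added example that is not part of the Symbiotic rule itself. The action list is an assumed, non-exhaustive sample of AWS actions that return credentials, and the function name, statement IDs and sample policy are constructed for illustration.

```python
import fnmatch
import json

# Assumed, non-exhaustive sample of AWS actions whose API responses
# contain credentials; extend it for the services you actually use.
CREDENTIAL_ACTIONS = [
    "iam:CreateAccessKey",                  # returns a secret access key
    "iam:CreateServiceSpecificCredential",  # returns a service password
    "sts:AssumeRole",                       # returns temporary credentials
    "ecr:GetAuthorizationToken",            # returns a registry auth token
    "redshift:GetClusterCredentials",       # returns a temporary DB password
]

def _as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def find_credential_exposure(policy_json):
    """Return sorted (sid, granted_pattern, exposed_action) for Allow statements."""
    policy = json.loads(policy_json)
    findings = set()
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny grants nothing; Deny overrides are not evaluated here
        sid = stmt.get("Sid", f"statement[{index}]")
        for pattern in _as_list(stmt.get("Action")):
            for action in CREDENTIAL_ACTIONS:
                # IAM action matching is case-insensitive and supports * and ?
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    findings.add((sid, pattern, action))
        if "NotAction" in stmt:  # Allow + NotAction grants everything not listed
            excluded = [p.lower() for p in _as_list(stmt["NotAction"])]
            for action in CREDENTIAL_ACTIONS:
                if not any(fnmatch.fnmatchcase(action.lower(), p) for p in excluded):
                    findings.add((sid, "NotAction", action))
    return sorted(findings)

# Constructed sample policy: a wildcard grant quietly includes key creation.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadOnly", "Effect": "Allow", "Action": ["s3:GetObject", "iam:List*"], "Resource": "*"},
    {"Sid": "KeyAdmin", "Effect": "Allow", "Action": "iam:Create*", "Resource": "*"},
    {"Sid": "NoAssume", "Effect": "Deny", "Action": "sts:AssumeRole", "Resource": "*"},
]})

if __name__ == "__main__":
    for finding in find_credential_exposure(SAMPLE_POLICY):
        print(finding)
```

A finding is a prompt to scope the statement: replace the wildcard with the specific actions needed, or restrict `Resource` and add conditions where the credential-returning action is genuinely required.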