SYM_CONF_0131 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Exposure of Sensitive Information to an Unauthorized Actor
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
OWASP | A01:2021 - Broken Access Control |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
The IAM policy grants permissions that can make AWS resources publicly accessible or expose them to unintended users. This includes actions like setting resource policies or managing permissions without proper restrictions.
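To make the description concrete, here is an added example (not the rule's own implementation) that audits an IAM policy document for Allow statements granting permission-management actions with no restriction. The action list, the helper names, the sample policies, and the choice to treat `Resource: "*"` with no `Condition` as "without proper restrictions" are all assumptions made for illustration.

```python
import fnmatch

# Assumed, non-exhaustive sample of actions that change who can reach a
# resource (resource policies, ACLs, sharing attributes). Not the rule's list.
EXPOSURE_ACTIONS = [
    "s3:PutBucketPolicy", "s3:PutBucketAcl", "s3:PutObjectAcl",
    "kms:PutKeyPolicy", "lambda:AddPermission", "sns:AddPermission",
    "sqs:AddPermission", "ecr:SetRepositoryPolicy",
    "secretsmanager:PutResourcePolicy", "iam:UpdateAssumeRolePolicy",
    "ec2:ModifySnapshotAttribute", "rds:ModifyDBSnapshotAttribute",
]

def _as_list(value):
    """IAM accepts a single string or object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    """IAM action names are case-insensitive and support * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def find_exposure_grants(policy):
    """Return sorted (statement id, action) pairs for exposure actions that an
    Allow statement grants on Resource "*" with no Condition."""
    findings = set()
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in _as_list(stmt.get("Resource")):
            continue
        sid = stmt.get("Sid", f"statement[{index}]")
        for action in EXPOSURE_ACTIONS:
            if "NotAction" in stmt:
                # Allow + NotAction grants everything except the listed actions.
                granted = not _matches(_as_list(stmt["NotAction"]), action)
            else:
                granted = _matches(_as_list(stmt.get("Action")), action)
            if granted:
                findings.add((sid, action))
    return sorted(findings)

# Constructed sample policies (not from the page).
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "BucketAdmin", "Effect": "Allow", "Action": "s3:Put*", "Resource": "*"},
    {"Sid": "ReadOnly", "Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"},
]}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "OneBucket", "Effect": "Allow", "Action": "s3:PutBucketPolicy",
     "Resource": "arn:aws:s3:::example-bucket"},
]}
```

Calling `find_exposure_grants(WEAK_POLICY)` reports the three S3 policy and ACL actions that the `s3:Put*` wildcard pulls in, while `SCOPED_POLICY`, which names a single bucket ARN, produces no findings.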
Impact
If exploited, attackers could gain unauthorized access to sensitive resources, data, or infrastructure. This may lead to data leaks, unauthorized modifications, or complete compromise of critical AWS services in your account.