SYM_CONF_0134 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Privilege Management
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-269: Improper Privilege Management |
| OWASP | A04:2021 - Insecure Design |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The IAM policy allows all actions ('*') on specified resources, granting full permissions instead of restricting access to only what is necessary. This violates the principle of least privilege and can expose resources to misuse.
Impact
If exploited, any principal the policy is attached to could perform any action on the assigned resources, including deleting, modifying, or exfiltrating sensitive data. This broad access increases the risk of security breaches, accidental changes, and data loss across your AWS environment.