# SYM_CONF_0137 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

## Improper Privilege Management

| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-269: Improper Privilege Management |
| OWASP | A04:2021 - Insecure Design |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
### Description

The IAM policy grants full administrative access: both `Action` and `Resource` are set to the wildcard `*`, so any principal the policy is attached to may perform any action on any AWS resource. This violates the principle of least privilege and exposes the account to excessive risk.
### Impact

If exploited, an attacker who compromises a user or role carrying this policy could take complete control of all AWS resources, including deleting data, modifying configurations, or escalating privileges, potentially resulting in total compromise of the cloud environment.
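The following is an added example, not code from the Symbiotic-Vulnerability-Database project. It shows the wildcard policy this entry describes next to a constructed least-privilege counterpart, and a small detector that flags `Allow` statements where both `Action` and `Resource` are `*`. All three policy documents and the bucket name `example-app-assets` are constructed for illustration.

```python
import json

# Constructed example of the pattern this entry describes: Action and Resource
# both set to "*". Illustrative only, not a policy from any real account.
ADMIN_WILDCARD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})

# Constructed least-privilege counterpart: read-only access to one S3 bucket.
# The bucket name "example-app-assets" is a placeholder.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": [
            "arn:aws:s3:::example-app-assets",
            "arn:aws:s3:::example-app-assets/*",
        ],
    }],
})

# Constructed mixed policy: a Deny wildcard (not a grant), a scoped Allow, and an
# Allow wildcard narrowed by a Condition that still grants "*" on "*".
MIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny", "Action": "*", "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"},
        {
            "Effect": "Allow",
            "Action": ["*"],
            "Resource": ["*"],
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        },
    ],
})


def _as_list(value):
    """IAM accepts a single string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def _has_full_wildcard(values):
    """True when any entry is exactly "*" (all actions / all resources)."""
    return any(isinstance(v, str) and v.strip() == "*" for v in values)


def find_full_admin_statements(policy_json):
    """Return the indexes of Allow statements granting any action on any resource.

    Only Effect=Allow with "*" in both Action and Resource is reported. A Deny
    with wildcards is not a grant. Service-level wildcards such as "s3:*" are
    not flagged here; they are a narrower finding worth a separate review.
    A Condition does not suppress the finding, since the grant is still "*"/"*".
    """
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if _has_full_wildcard(_as_list(stmt.get("Action"))) and \
                _has_full_wildcard(_as_list(stmt.get("Resource"))):
            findings.append(idx)
    return findings


def describe(policy_json):
    """Human-readable summary for one policy document."""
    hits = find_full_admin_statements(policy_json)
    if not hits:
        return "OK: no full-admin wildcard statements"
    return "FINDING (CWE-269): statement(s) %s grant Action '*' on Resource '*'" % hits


if __name__ == "__main__":
    for name, doc in [("admin", ADMIN_WILDCARD_POLICY),
                      ("scoped", SCOPED_POLICY),
                      ("mixed", MIXED_POLICY)]:
        print(name + ": " + describe(doc))
```

The check is purely structural: it reads the policy document and does not evaluate `NotAction` or `NotResource`, which can also produce very broad grants, nor does it consider permissions boundaries or SCPs that may narrow the effective permissions. Use it as a first pass over policy files in a repository or exported from an account, and confirm effective access with the provider's own policy simulation tooling.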