SYM_CONF_0253 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description
The IAM policy for the GitHub OpenID Connect (OIDC) integration is missing a `Condition` block that restricts access to specific GitHub repositories. Without it, any GitHub user can potentially assume the associated AWS role.
Impact
If exploited, attackers could use their own GitHub repositories to obtain AWS credentials via OIDC, leading to unauthorized access to sensitive AWS resources. This can result in data breaches, resource manipulation, or compromise of your AWS environment.
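The following is an added example, not part of the original wiki entry or the SymbioticSec project. It places a trust policy with the missing `Condition` block beside a hardened one, and implements a small check that flags `sts:AssumeRoleWithWebIdentity` statements trusting the GitHub OIDC provider without a repository restriction on the `sub` claim (including a wildcard restriction such as `repo:*`, which is equivalent to none). The account id, organisation and repository names are placeholders.

```python
import json
from typing import Any, List, Optional

# Placeholder values for this illustration only.
OIDC_PROVIDER = "token.actions.githubusercontent.com"
SUB_KEY = f"{OIDC_PROVIDER}:sub"
AUD_KEY = f"{OIDC_PROVIDER}:aud"
ASSUME_ACTION = "sts:AssumeRoleWithWebIdentity"
PROVIDER_ARN = f"arn:aws:iam::123456789012:oidc-provider/{OIDC_PROVIDER}"  # placeholder account


def _statement(condition: Optional[dict]) -> dict:
    """Build one Allow statement trusting the GitHub OIDC provider (constructed sample)."""
    stmt: dict = {"Effect": "Allow", "Principal": {"Federated": PROVIDER_ARN}, "Action": ASSUME_ACTION}
    if condition:
        stmt["Condition"] = condition
    return stmt


# Weak: no Condition block, so a token minted for any GitHub repository is accepted.
WEAK_TRUST_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [_statement(None)]})

# Hardened: audience pinned to STS and the sub claim limited to one repository's main branch.
HARDENED_TRUST_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [_statement({
    "StringEquals": {AUD_KEY: "sts.amazonaws.com"},
    "StringLike": {SUB_KEY: "repo:example-org/example-repo:ref:refs/heads/main"},
})]})


def _as_list(value: Any) -> list:
    """IAM allows scalars or lists in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _restricts_repo(condition: dict) -> bool:
    """True if some positive string operator pins the sub claim to a concrete repo pattern."""
    for operator, pairs in condition.items():
        # Drop set prefixes (ForAnyValue:/ForAllValues:) and ignore negated operators.
        base_op = operator.split(":")[-1]
        if base_op not in ("StringEquals", "StringLike", "StringEqualsIgnoreCase"):
            continue
        for key, values in pairs.items():
            if key.lower() != SUB_KEY:  # condition keys are case-insensitive in IAM
                continue
            for v in _as_list(values):
                # "repo:*" (any repository) is as open as having no condition at all.
                if isinstance(v, str) and v.startswith("repo:") and not v.startswith("repo:*"):
                    return True
    return False


def find_unrestricted_github_oidc(policy_json: str) -> List[int]:
    """Return the indexes of statements that let any GitHub repository assume the role."""
    policy = json.loads(policy_json)
    findings: List[int] = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if ASSUME_ACTION not in actions and "sts:*" not in actions:
            continue
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if not any(OIDC_PROVIDER in str(f) for f in federated):
            continue
        if not _restricts_repo(stmt.get("Condition") or {}):
            findings.append(idx)
    return findings


if __name__ == "__main__":
    print("weak policy findings:", find_unrestricted_github_oidc(WEAK_TRUST_POLICY))
    print("hardened policy findings:", find_unrestricted_github_oidc(HARDENED_TRUST_POLICY))
```

The check only looks at the `sub` restriction, which is the control this entry is about; pinning the `aud` claim as the hardened policy does is a separate, complementary safeguard that this function does not grade.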