SYM_CONF_0285 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The AWS Redshift cluster resource is missing configuration for encryption with a customer-managed KMS key. When no KMS key is specified, your data at rest is not properly encrypted or controlled.
Impact
If encryption with a customer-managed KMS key is not enabled, sensitive data stored in the Redshift cluster could be exposed if the infrastructure is compromised. This increases the risk of unauthorized data access and may violate compliance requirements.
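The configuration this rule describes, shown as a cluster without a KMS key next to a corrected one. This is an added example, not taken from the rule's own definition; it assumes the resource is declared in Terraform with the AWS provider, and every resource name, identifier and value below is constructed for illustration.

```hcl
# Constructed example; names and sizes are placeholders.
variable "redshift_master_password" {
  type      = string
  sensitive = true
}

# Flagged: no kms_key_id is set, so no customer-managed key
# governs the cluster's data at rest.
resource "aws_redshift_cluster" "analytics_flagged" {
  cluster_identifier = "analytics-flagged"
  node_type          = "ra3.xlplus"
  cluster_type       = "single-node"
  database_name      = "analytics"
  master_username    = "dbadmin"
  master_password    = var.redshift_master_password
}

# Customer-managed key dedicated to the cluster. Access to the data
# can then be governed and audited through this key's policy.
resource "aws_kms_key" "redshift" {
  description             = "Customer-managed key for Redshift encryption at rest"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

# Corrected: encryption is enabled and bound to the key above.
resource "aws_redshift_cluster" "analytics" {
  cluster_identifier = "analytics"
  node_type          = "ra3.xlplus"
  cluster_type       = "single-node"
  database_name      = "analytics"
  master_username    = "dbadmin"
  master_password    = var.redshift_master_password

  encrypted  = true
  kms_key_id = aws_kms_key.redshift.arn
}
```

`kms_key_id` takes the key's ARN and only has an effect when `encrypted` is true, so set both arguments together.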