TF 0329 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Ensure that lambda function permission has a source arn specified

| Property | Value |
|---|---|
| Language | terraform |
| Severity | critical |
| Service | lambda |
| Provider | AWS |
| Vulnerability Type | omission |

Description

An `aws_lambda_permission` resource adds a statement to the Lambda function's resource-based policy. When the statement names an AWS service principal (for example `s3.amazonaws.com` or `sns.amazonaws.com`) but no `source_arn`, it grants `lambda:InvokeFunction` to that service as a whole, with no condition on which resource is calling on whose behalf. Service principals are global rather than per-account, so any bucket, topic, rule or other resource of that service, including ones owned by unrelated or external AWS accounts, can be configured to invoke the function. This is the confused-deputy pattern: the service is trusted, but the caller behind it is not checked.

Impact

Without a source ARN, an attacker only needs a resource of the permitted service in their own account (for example an S3 bucket with an event notification pointing at the function) to trigger the function with attacker-controlled event payloads. Depending on what the function does, this can lead to data leaks, unauthorized actions taken with the function's execution role, or service disruption through cost and concurrency exhaustion. The owner of the function loses control over when, and on whose behalf, it executes.

Resolution

Always set `source_arn` on `aws_lambda_permission` resources whose `principal` is an AWS service, pointing at the specific resource (bucket, topic, rule, API stage, and so on) that is allowed to invoke the function, and prefer setting `source_account` as well so that the permission is bound to your account even if the named resource is recreated elsewhere. The resulting policy statement carries `aws:SourceArn` / `aws:SourceAccount` conditions, which you can verify with `aws lambda get-policy --function-name <name>`. Note that `source_arn` is meant for service principals; when the principal is an IAM user, role or account, scope the `principal` itself instead.
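The weak and corrected forms side by side, as an added Terraform example that is not part of the original page or of the Symbiotic-Vulnerability-Database project. The function, bucket, IAM role and resource names are placeholders chosen for illustration; the weak permission is included only for contrast and would be deleted in a real configuration.

```hcl
# Added example, not from the original page. All names are illustrative.

data "aws_caller_identity" "current" {}

# The Lambda function that an S3 bucket should be allowed to invoke.
# aws_iam_role.processor is assumed to be defined elsewhere in the module.
resource "aws_lambda_function" "processor" {
  function_name = "object-processor"
  role          = aws_iam_role.processor.arn
  handler       = "index.handler"
  runtime       = "python3.12"
  filename      = "processor.zip"
}

# The one bucket that is supposed to trigger the function.
resource "aws_s3_bucket" "uploads" {
  bucket = "example-uploads-bucket"
}

# WEAK: grants lambda:InvokeFunction to the S3 service principal as a whole.
# Any S3 bucket in any AWS account can be wired up to invoke this function.
resource "aws_lambda_permission" "allow_s3_unrestricted" {
  statement_id  = "AllowExecutionFromAnyS3Bucket"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.processor.function_name
  principal     = "s3.amazonaws.com"
}

# HARDENED: the same grant, but conditioned on the calling resource
# (aws:SourceArn) and the owning account (aws:SourceAccount). Only
# example-uploads-bucket in this account can invoke the function.
resource "aws_lambda_permission" "allow_s3_uploads_bucket_only" {
  statement_id   = "AllowExecutionFromUploadsBucket"
  action         = "lambda:InvokeFunction"
  function_name  = aws_lambda_function.processor.function_name
  principal      = "s3.amazonaws.com"
  source_arn     = aws_s3_bucket.uploads.arn
  source_account = data.aws_caller_identity.current.account_id
}
```

After `terraform apply`, `aws lambda get-policy --function-name object-processor` shows the hardened statement with an `ArnLike` condition on `AWS:SourceArn` and a `StringEquals` condition on `AWS:SourceAccount`, while the weak statement has no `Condition` block at all; that missing block is what a policy review or a static check on the Terraform source should flag.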