TF 0344 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

AWS SQS policy document has wildcard action statement.

Property Value
Language terraform
Severity high
Service sqs
Provider AWS
Vulnerability Type misconfiguration

Description

The SQS policy document uses a wildcard ('*') in the action field, allowing all possible SQS actions instead of restricting permissions to only those required. This broad permission grants unnecessary access to the queue.

Impact

If exploited, any principal the statement allows could perform every SQS operation on the queue, including modifying it, deleting it, or changing its permissions. This increases the risk of data loss, unauthorized message access, or disruption of services that rely on the queue.

Resolution

Keep the policy scope to the minimum required for it to be effective: enumerate the specific SQS actions each principal needs instead of using a wildcard.
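As an added illustration (not from the Symbiotic database or any project it describes), the flagged pattern next to its least-privilege replacement. The queue, role ARN and account ID (`111122223333`) are placeholders; the corrected policy assumes the principal is a producer that only needs to enqueue messages.

```terraform
resource "aws_sqs_queue" "orders" {
  name = "orders-queue" # placeholder queue name
}

# Flagged pattern: "sqs:*" (or a bare "*") grants every SQS API call on the
# queue, including SetQueueAttributes, PurgeQueue and DeleteQueue.
data "aws_iam_policy_document" "orders_wildcard" {
  statement {
    sid       = "AllowAllSqsActions"
    effect    = "Allow"
    actions   = ["sqs:*"]
    resources = [aws_sqs_queue.orders.arn]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::111122223333:role/order-producer"] # placeholder
    }
  }
}

# Corrected: list only the actions this principal actually needs.
data "aws_iam_policy_document" "orders_least_privilege" {
  statement {
    sid       = "AllowProducerSendOnly"
    effect    = "Allow"
    actions   = ["sqs:SendMessage", "sqs:GetQueueUrl"]
    resources = [aws_sqs_queue.orders.arn]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::111122223333:role/order-producer"] # placeholder
    }
  }
}

# Attach the least-privilege document; the wildcard one is left unused
# here only so the two can be compared side by side.
resource "aws_sqs_queue_policy" "orders" {
  queue_url = aws_sqs_queue.orders.id
  policy    = data.aws_iam_policy_document.orders_least_privilege.json
}
```

Both `"*"` and `"sqs:*"` are wildcard actions for this purpose, and the same check applies when the policy is written inline with `jsonencode` rather than through a policy document data source.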