Permissions, Privileges, and Access Controls

Property
Language: json
Severity: medium
CWE: CWE-264: CWE CATEGORY: Permissions, Privileges, and Access Controls
OWASP: A01:2021 - Broken Access Control
Confidence Level: Medium
Impact Level: High
Likelihood Level: Low

Description

This S3 bucket policy grants access to everyone by setting the Principal to '*' (or {"AWS": "*"}) in an Allow statement that carries no condition narrowing the caller. Any unauthenticated client on the internet can then perform the actions that statement lists on the bucket or its objects. S3 Block Public Access, when enabled at the account or bucket level, rejects or neutralises such policies, but the grant should still be removed from the policy itself.

Impact

If exploited, anyone on the internet could, depending on the actions granted (s3:ListBucket, s3:GetObject, s3:PutObject, s3:DeleteObject), list, read, overwrite, or delete objects in the bucket, leading to data leaks, tampering, or loss of data and service disruption. This can result in reputational damage, regulatory penalties, and loss of customer trust.
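A check for the pattern this entry describes, as an added example (not code from the original page or from AWS): it parses a bucket policy document and reports Allow statements whose Principal is '*' or {"AWS": "*"} and that carry no condition narrowing the caller, while leaving wildcard Deny statements and VPC-endpoint-scoped grants alone. The two policy documents, the bucket name, role ARN and VPC endpoint ID are constructed for the example, and the list of scoping condition keys is illustrative rather than exhaustive.

```python
"""Flag S3 bucket policy statements that grant access to everyone.

Added example, not code from the original page. Standard library only; the
two policy documents at the bottom are constructed for illustration.
"""
import json

# Condition keys that narrow a wildcard principal to a particular caller,
# account, organisation or network path. Assumption: illustrative, not a
# complete list of every key that can scope a statement.
SCOPING_CONDITION_KEYS = {
    "aws:sourcevpce", "aws:sourcevpc", "aws:sourceip",
    "aws:principalorgid", "aws:principalarn", "aws:principalaccount",
    "aws:sourcearn", "aws:sourceaccount",
}


def _as_list(value):
    """IAM allows a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def principal_is_everyone(principal) -> bool:
    """True for "Principal": "*" and for "Principal": {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def has_scoping_condition(statement) -> bool:
    """True if any Condition key restricts who (or from where) may call."""
    for operator_block in statement.get("Condition", {}).values():
        for key in operator_block:
            if key.lower() in SCOPING_CONDITION_KEYS:
                return True
    return False


def find_public_statements(policy_document: str):
    """Return (Sid, [actions]) for every Allow statement open to everyone.

    Deny statements with "*" are skipped: "deny everyone unless ..." is a
    common and safe pattern (e.g. enforcing TLS).
    """
    policy = json.loads(policy_document)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not principal_is_everyone(stmt.get("Principal")):
            continue
        if has_scoping_condition(stmt):
            continue
        findings.append((stmt.get("Sid", "<no Sid>"), _as_list(stmt.get("Action"))))
    return findings


# Constructed sample: the flagged pattern from this entry (public read)
# alongside a harmless wildcard Deny.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})

# Constructed sample: the hardened shape. Access is granted to one role, and
# the only wildcard principal is scoped to a VPC endpoint (IDs are made up).
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppRoleRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcEndpointOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    ],
})

if __name__ == "__main__":
    for name, doc in (("public", PUBLIC_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_public_statements(doc))
```

The Policy field returned by `aws s3api get-bucket-policy` is a JSON string and can be passed straight to find_public_statements. A condition-scoped wildcard is reported as safe here only because a scoping key is present; whether that key's value is actually narrow (a single VPC endpoint rather than 0.0.0.0/0 in aws:SourceIp) still needs a human look.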

Permissive Cross-domain Policy with Untrusted Domains

Property
Language: hcl
Severity: low
CWE: CWE-942: Permissive Cross-domain Policy with Untrusted Domains
OWASP: A05:2021 - Security Misconfiguration
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Function App's CORS configuration lists '*' as an allowed origin, so a page on any website can issue cross-origin requests to the app's endpoints and read the responses in the visitor's browser. CORS does not create access the app did not already grant; what the wildcard removes is the browser's Same Origin Policy protection against other sites reading those responses.

Impact

Attackers could host a page that calls the app's APIs from a visitor's browser and reads the results, potentially stealing data or abusing the APIs. Browsers will not expose a response that pairs a literal '*' with Access-Control-Allow-Credentials: true, so the immediate exposure is data the app serves without per-user cookies or HTTP authentication, including endpoints reachable only because of where the visitor's browser sits (a VPN or internal network); it becomes an account-level risk if support_credentials is enabled alongside the wildcard. Restrict allowed_origins to the exact origins (scheme, host and port) that need the app.

Permissive Cross-domain Policy with Untrusted Domains

Property
Language: hcl
Severity: low
CWE: CWE-942: Permissive Cross-domain Policy with Untrusted Domains
OWASP: A05:2021 - Security Misconfiguration
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The CORS settings for this Azure App Service list '*' as an allowed origin, permitting any website to send cross-origin requests to the app and read the responses in the visitor's browser.

Impact

If exploited, malicious websites could call the app's APIs from a visitor's browser and read what comes back, potentially disclosing data. Performing actions as the logged-in user additionally requires credentials to be honoured, which browsers refuse for a literal '*' but which becomes possible if support_credentials is enabled together with the wildcard. Replace '*' with the exact origins that need access, and leave support_credentials off unless a specific trusted origin requires it.

Permissive Cross-domain Policy with Untrusted Domains

Property
Language: hcl
Severity: low
CWE: CWE-942: Permissive Cross-domain Policy with Untrusted Domains
OWASP: A05:2021 - Security Misconfiguration
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The CORS configuration for this S3 bucket sets allowed_origins to '*', so the browser will let a page from any domain read the responses to cross-origin requests it makes to the bucket. CORS does not grant access on its own: S3 still enforces the bucket policy, object ACLs and request signing, and it does not authenticate browser requests with cookies. The wildcard is defensible only for a bucket of public static assets; for anything else, list the exact origins of the sites that use the bucket.

Impact

An attacker's page could issue requests to the bucket from a visitor's browser and read the responses, exposing any objects the request is allowed to return and removing the browser-side check that would otherwise confine those reads to your own sites. The impact is low while the bucket holds only public assets, but it compounds any other misconfiguration, such as a public-read bucket policy, by letting any site script downloads against its visitors.

Permissive Cross-domain Policy with Untrusted Domains

Property
Language: python
Severity: medium
CWE: CWE-942: Permissive Cross-domain Policy with Untrusted Domains
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Low
Impact Level: High
Likelihood Level: Low

Description

Flask-CORS is configured with origins='*' and supports_credentials=True. Browsers refuse to expose a response whose Access-Control-Allow-Origin is a literal '*' when credentials are involved, so in this mode Flask-CORS (with send_wildcard left at its default) echoes the requesting Origin back and adds Access-Control-Allow-Credentials: true. The effect is that every website on the internet is trusted to make cookie-authenticated requests to the backend and read the responses.

Impact

An attacker who lures a logged-in user to a page they control can read private data from the API and perform actions as that user, limited only by what the session cookie permits (SameSite cookie attributes reduce but do not remove this exposure). This can lead to data breaches, account compromise, and loss of user trust. Replace '*' with an explicit list of exact origins; with credentials enabled, a wildcard is never appropriate.

Permissive Cross-domain Policy with Untrusted Domains

Property
Language: python
Severity: medium
CWE: CWE-942: Permissive Cross-domain Policy with Untrusted Domains
OWASP: A05:2021 - Security Misconfiguration
Confidence Level: Medium
Impact Level: Low
Likelihood Level: High

Description

The CORS policy allows requests from any origin ('*'), so a page on any website can call the API and read the response. Cross-origin requests could always be sent; what the wildcard removes is the Same Origin Policy restriction on reading the result, so there is no longer any trust boundary around the API's responses.

Impact

If exploited, malicious websites could call the API from a visitor's browser and read data that should only be visible to your own front end. Because a literal '*' is never honoured together with credentials, the direct exposure is data served without per-user cookies or HTTP authentication, including APIs that rely on the caller's network position; if the implementation reflects the Origin header or also allows credentials, it extends to the user's authenticated session and CSRF-style actions. Replace the wildcard with an allowlist of exact origins.

Permissive List of Allowed Inputs

Property
Language: java
Severity: low
CWE: CWE-183: Permissive List of Allowed Inputs
OWASP: A04:2021 - Insecure Design
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The code sets CORS response headers that allow any origin, either by sending '*' or by accepting the 'null' origin. 'null' is not a safe value: browsers send Origin: null for sandboxed iframes, data: URLs and pages loaded from local files, so an attacker can produce it at will from a page they control. Accepting either value lets any website make requests to the server and read the responses.

Impact

An attacker could build a malicious site that calls the APIs from a visitor's browser as if it were a trusted client, reading sensitive data and, where the server also honours credentials for these origins, performing actions or impersonating users. Compare the request Origin against an explicit allowlist of exact origins and never include 'null' in it.

Permissive List of Allowed Inputs

Property
Language: typescript
Severity: low
CWE: CWE-183: Permissive List of Allowed Inputs
OWASP: A04:2021 - Insecure Design
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The regular expression used to validate CORS origins contains an unescaped '.', which matches any single character instead of a literal dot. A pattern meant to allow https://api.example.com therefore also allows https://api-example.com, a domain anyone can register. The same review should confirm the pattern is anchored (^ and $, or an equivalent full-match call); otherwise https://api.example.com.attacker.net passes as well.

Impact

If exploited, an attacker could register a domain that matches the overly broad pattern and send cross-origin requests from it, reading data the API returns and, if credentials are allowed, acting on behalf of logged-in users. This defeats the access control the CORS allowlist was meant to provide. Escape every dot as '\.' and anchor the pattern, or prefer an exact-match list of origins over a regular expression.

Permissive List of Allowed Inputs

Property
Language: typescript
Severity: low
CWE: CWE-183: Permissive List of Allowed Inputs
OWASP: A04:2021 - Insecure Design
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The application sets Access-Control-Allow-Origin to '*', telling browsers that a page from any domain may read responses from the API. This relaxes the Same Origin Policy for reads; it does not change what requests can be sent, which browsers could always do cross-origin, and a literal '*' is never honoured together with credentials.

Impact

Attackers can use malicious websites to call the API from a visitor's browser and read the responses, exposing any data the API serves without per-user credentials, including data reachable only from the visitor's network position. Unauthorized actions on behalf of users and CSRF-style impact follow if the API also echoes the Origin header or allows credentials. Send the header only for an explicit allowlist of exact origins, and add Vary: Origin whenever the value depends on the request.
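The following added example (not code from the original page, from Flask-CORS, or from any other framework) covers this entry together with the Flask-CORS, Python any-origin, Java '*'/'null' and TypeScript regex entries above. It shows, without a web server, what an any-origin policy hands back for an attacker's Origin when credentials are enabled, a strict exact-match allowlist that also rejects the 'null' origin, and a pattern check that contrasts an unescaped dot and an unanchored match with their fixed forms. The allowlist, the api.example.com pattern and the attacker-controlled origins are constructed for illustration; the origin-echo modelled in permissive_cors_headers is what Flask-CORS does for origins='*' with supports_credentials=True unless send_wildcard is set.

```python
"""Emit CORS headers for a request Origin: permissive versus strict.

Added example, not code from the original page, from Flask-CORS, or from any
other framework. The allowlist, patterns and origins are constructed for
illustration. The functions take the Origin request header value and return
the response headers to add, so no web server is needed to run them.
"""
import re

# Constructed allowlist: exact origins (scheme + host [+ port]), nothing else.
ALLOWED_ORIGINS = frozenset({
    "https://app.example.com",
    "https://admin.example.com",
})


def permissive_cors_headers(request_origin: str, supports_credentials: bool = True) -> dict:
    """Headers produced by an 'any origin' policy.

    Browsers refuse to expose a response that combines a literal '*' with
    Access-Control-Allow-Credentials: true, so middleware asked for '*' plus
    credentials echoes the caller's Origin instead (Flask-CORS does this
    unless send_wildcard is set). Every site is then trusted with the
    user's cookies.
    """
    if supports_credentials:
        return {
            "Access-Control-Allow-Origin": request_origin,
            "Access-Control-Allow-Credentials": "true",
        }
    return {"Access-Control-Allow-Origin": "*"}


def strict_cors_headers(request_origin, allowed=ALLOWED_ORIGINS,
                        supports_credentials: bool = True) -> dict:
    """Exact, case-sensitive allowlist match.

    Returns an empty dict (no CORS headers) for anything untrusted, so the
    browser blocks the cross-origin read. "null" is never trusted: sandboxed
    iframes, data: URLs and local files send Origin: null, so an attacker can
    produce it at will.
    """
    if not request_origin or request_origin == "null":
        return {}
    if request_origin not in allowed:
        return {}
    headers = {
        "Access-Control-Allow-Origin": request_origin,
        "Vary": "Origin",  # keeps a cache from serving one origin's ACAO to another
    }
    if supports_credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def pattern_allows(pattern: str, origin: str, anchored: bool = True) -> bool:
    """Pattern-based allowlists: escape every '.' and anchor the match.

    With anchored=False the pattern is searched anywhere in the origin, which
    is what an unanchored regex or a startsWith/contains check amounts to.
    """
    compiled = re.compile(pattern)
    if anchored:
        return compiled.fullmatch(origin) is not None
    return compiled.search(origin) is not None


# Constructed patterns for the same trusted host, one with an unescaped dot.
UNESCAPED_PATTERN = r"https://api.example.com"   # '.' matches any character
ESCAPED_PATTERN = r"https://api\.example\.com"

if __name__ == "__main__":
    print(permissive_cors_headers("https://attacker.example"))
    print(strict_cors_headers("https://attacker.example"))
    print(strict_cors_headers("null"))
    print(strict_cors_headers("https://app.example.com"))
    # 'api-example.com' is a domain anyone can register; only the escaped,
    # anchored pattern rejects it and the attacker-controlled suffix.
    print(pattern_allows(UNESCAPED_PATTERN, "https://api-example.com"))
    print(pattern_allows(ESCAPED_PATTERN, "https://api-example.com"))
    print(pattern_allows(ESCAPED_PATTERN, "https://api.example.com.attacker.net", anchored=False))
```

Returning no CORS headers at all for an untrusted origin is deliberate: sending Access-Control-Allow-Origin with a fixed trusted value instead would also block the read, but it leaks the allowlist to whoever probes the endpoint.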

Point in time recovery should be enabled to protect DynamoDB table

Property
Language: terraform
Severity: medium
Service: dynamodb
Provider: AWS
Vulnerability Type: omission

Description

The DynamoDB table does not have point-in-time recovery (PITR) enabled. PITR keeps continuous backups so the table can be restored to any second within its recovery window (up to 35 days). Without it, accidental or malicious writes and deletions cannot be rolled back, and recovery depends on an on-demand backup having been taken before the event.

Impact

If the table experiences unintended writes or deletions, the lost data cannot be recovered unless an on-demand backup happens to exist, increasing the risk of business disruption, data integrity issues, and non-compliance with backup or recovery requirements. Note that a PITR restore creates a new table rather than rolling the existing one back in place, so the recovery runbook must cover switching traffic to it, and PITR covers only its recovery window; long-term retention still needs on-demand backups or AWS Backup.