Execution with Unnecessary Privileges
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-250: Execution with Unnecessary Privileges |
| OWASP | A06:2017 - Security Misconfiguration |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | High |
Description
The IAM policy (the role's trust policy) grants sts:AssumeRole to a wildcard principal ('*'), so the role can be assumed by any AWS principal rather than only by the trusted users or accounts it was intended for.
Impact
An attacker who knows your AWS account ID and role name (together, the role ARN) could assume the role and gain access to sensitive resources or perform actions with that role's permissions, potentially leading to data breaches, privilege escalation, or unauthorized changes in your AWS environment.
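The following is an added example, not part of this rule page and not the scanner's own implementation. It embeds two constructed trust-policy documents, one with the wildcard principal described above and one restricted to a single account (the account ID and external ID are placeholders), and a small check that flags Allow statements granting sts:AssumeRole to '*'. It goes slightly beyond the description by also treating the `{"AWS": "*"}` map form and the `sts:*` / `*` action wildcards as matches, and it reports whether a Condition block is present, since a conditioned wildcard still deserves review rather than an automatic pass.

```python
"""Flag IAM role trust policies that let any AWS principal assume the role.

Added example for CWE-250 as described on this page; not the rule's own code.
"""
import json

# Constructed sample: the misconfiguration from the description above.
VULNERABLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "sts:AssumeRole",
    }],
})

# Constructed sample: the same grant written in map form, with an AWS list.
WILDCARD_MAP_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Principal": {"AWS": ["arn:aws:iam::111111111111:root", "*"]},
        "Action": ["sts:AssumeRole"],
    },
})

# Constructed sample: hardened trust policy. 111111111111 and the external ID
# are placeholders, not real identifiers.
HARDENED_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}},
    }],
})


def _as_list(value):
    """IAM allows scalars or lists in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_wildcard(principal):
    """True for the bare "*" principal or a map whose AWS entry contains "*"."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for p in _as_list(principal.get("AWS", [])))
    return False


def _grants_assume_role(actions):
    """True if the action list covers sts:AssumeRole (directly or via wildcard)."""
    return any(a.lower() in ("*", "sts:*", "sts:assumerole") for a in _as_list(actions))


def find_open_assume_role(policy_json):
    """Return one finding per Allow statement that lets any AWS principal
    call sts:AssumeRole. Each finding records the statement index and whether
    a Condition block is present (a condition narrows but does not clear it)."""
    doc = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        if not _grants_assume_role(stmt.get("Action", [])):
            continue
        if not _principal_is_wildcard(stmt.get("Principal")):
            continue
        findings.append({"statement": idx, "has_condition": "Condition" in stmt})
    return findings


if __name__ == "__main__":
    for name, policy in (("vulnerable", VULNERABLE_TRUST_POLICY),
                         ("wildcard-map", WILDCARD_MAP_TRUST_POLICY),
                         ("hardened", HARDENED_TRUST_POLICY)):
        print(name, "->", find_open_assume_role(policy) or "no wildcard principal")
```

The fix the check points at is the hardened document: replace the '*' principal with the specific account or role ARNs that should be trusted, and, for cross-account access, add an sts:ExternalId condition.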