Execution with Unnecessary Privileges
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-250: Execution with Unnecessary Privileges |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The policy grants permissions to sensitive IAM or Glue actions that can enable privilege escalation, such as attaching policies or modifying roles, without explicit deny statements. This allows users or roles to gain more access than intended.
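A minimal sketch of the check described above, added here as an illustration and not the rule's own logic: it reports sensitive actions that a policy document allows and that no unconditional Deny covers. The `SENSITIVE_ACTIONS` watch list, the function names and both sample policies are assumptions constructed for this example.

```python
import fnmatch

# Assumed watch list (not taken from the rule): actions that attach policies,
# modify roles, or otherwise change what a principal is allowed to do.
SENSITIVE_ACTIONS = [
    "iam:AttachUserPolicy", "iam:AttachGroupPolicy", "iam:AttachRolePolicy",
    "iam:PutUserPolicy", "iam:PutGroupPolicy", "iam:PutRolePolicy",
    "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion",
    "iam:UpdateAssumeRolePolicy", "iam:PassRole", "iam:AddUserToGroup",
    "glue:CreateDevEndpoint", "glue:UpdateDevEndpoint",
]

def _as_list(value):
    # Statement, Action and Resource may each be a single value or a list.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def _covers(statement, action):
    # NotAction covers every action except the ones it lists.
    if "NotAction" in statement:
        return not _matches(_as_list(statement["NotAction"]), action)
    return _matches(_as_list(statement.get("Action")), action)

def find_escalation_actions(policy):
    """Return sensitive actions that are allowed and not explicitly denied."""
    statements = _as_list(policy.get("Statement"))
    allows = [s for s in statements if s.get("Effect") == "Allow"]
    # Only an unconditional Deny on every resource is treated as a guard;
    # a conditional or resource-scoped Deny can still leave a path open.
    denies = [s for s in statements if s.get("Effect") == "Deny"
              and "Condition" not in s and "*" in _as_list(s.get("Resource"))]
    return [a for a in SENSITIVE_ACTIONS
            if any(_covers(s, a) for s in allows)
            and not any(_covers(s, a) for s in denies)]

# Constructed sample policies: the same Allow, without and with an explicit Deny.
ALLOW = {"Effect": "Allow", "Resource": "*",
         "Action": ["iam:Attach*", "glue:UpdateDevEndpoint", "s3:GetObject"]}
DENY = {"Effect": "Deny", "Resource": "*",
        "Action": ["iam:Attach*", "glue:UpdateDevEndpoint"]}
RISKY = {"Version": "2012-10-17", "Statement": [ALLOW]}
GUARDED = {"Version": "2012-10-17", "Statement": [ALLOW, DENY]}

if __name__ == "__main__":
    print("risky:  ", find_escalation_actions(RISKY))
    print("guarded:", find_escalation_actions(GUARDED))
```

The check is deliberately conservative: an Allow that carries a Condition is still reported, and a Deny only counts when it is unconditional and applies to every resource.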
Impact
If exploited, an attacker could escalate their privileges to gain administrative access over your AWS account, potentially leading to full control over resources, data breaches, or disruption of services. Unauthorized changes to IAM or Glue settings can compromise the entire cloud environment.