Improper Privilege Management
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-269: Improper Privilege Management |
| OWASP | A04:2021 - Insecure Design |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The flagged code assigns AWS IAM policies that allow both `iam:PassRole` and other sensitive actions (such as `sts:AssumeRole` or `lambda:CreateFunction`) to the same user or role, with no explicit deny restricting either. This combination lets the principal pass a more privileged role to a resource it controls and thereby escalate its own privileges.
Impact
If exploited, an attacker could gain full administrative access to your AWS account by using these permissions to assume higher-privilege roles or create resources with elevated rights. This could lead to unauthorized actions, data breaches, or total compromise of cloud infrastructure.
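The check described above, written as an added Python example (not the scanner's own implementation): it walks an IAM policy document, collects the `Allow` and `Deny` coverage of `iam:PassRole` and the sensitive actions, and reports a finding only when `iam:PassRole` and a sensitive action are both allowed with no explicit deny. The policies are constructed samples; the list of sensitive actions is taken from the description and is an assumption about the rule's full list.

```python
import fnmatch

# Actions that, when allowed alongside iam:PassRole for the same identity,
# let it attach a higher-privilege role to something it controls.
# Assumption: the rule's real list may be longer than the two named on the page.
SENSITIVE_ACTIONS = {"sts:AssumeRole", "lambda:CreateFunction"}
WATCHED = SENSITIVE_ACTIONS | {"iam:PassRole"}


def _as_list(value):
    """IAM allows Statement/Action to be a single item or a list."""
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """IAM action patterns are case-insensitive and may use '*' (e.g. 'lambda:*')."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def find_passrole_escalation(policy_doc):
    """Return the sensitive actions allowed together with iam:PassRole
    that no statement explicitly denies; [] means no finding."""
    allowed, denied = set(), set()
    for stmt in _as_list(policy_doc.get("Statement", [])):
        bucket = allowed if stmt.get("Effect") == "Allow" else denied
        for pattern in _as_list(stmt.get("Action", [])):
            bucket.update(a for a in WATCHED if _matches(pattern, a))
    if "iam:PassRole" not in allowed or "iam:PassRole" in denied:
        return []
    return sorted((allowed & SENSITIVE_ACTIONS) - denied)


# Constructed sample: PassRole plus a wildcard over Lambda -> finding.
RISKY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:PassRole", "lambda:*"], "Resource": "*"}]}

# Constructed sample: PassRole kept, but no sensitive action granted -> clean.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:PassRole", "lambda:UpdateFunctionCode"],
     "Resource": "arn:aws:lambda:us-east-1:123456789012:function:example-app"}]}

# Constructed sample: broad allow, but an explicit deny on PassRole -> clean.
DENY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:PassRole", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in [("risky", RISKY_POLICY), ("scoped", SCOPED_POLICY), ("deny", DENY_POLICY)]:
        print(name, find_passrole_escalation(doc))
```

In practice the scoped form (PassRole limited by `Resource` and, where supported, a condition on the passed-to service) is the mitigation to prefer over a blanket deny, since a deny on `iam:PassRole` also breaks legitimate deployments.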