Key Management Errors
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The ImageBuilder component resource is missing a KMS Customer Master Key (CMK) for encryption at rest. Without specifying a KMS key, sensitive data stored by this component may not be properly protected.
Impact#
If encryption with a KMS CMK is not enabled, attackers with access to the underlying storage could potentially read unencrypted data. This increases the risk of sensitive information exposure and reduces your control over key management, rotation, and access auditing.