Property
Languagehcl
Severitymedium
CWECWE-732: Incorrect Permission Assignment for Critical Resource
OWASPA05:2021 - Security Misconfiguration
Confidence LevelMedium
Impact LevelMedium
Likelihood LevelMedium

Description#

The Glacier Vault access policy is configured with a wildcard principal, allowing any AWS user or identity to access the vault. This overly broad permission means unauthorized users could perform actions on your Glacier resources.

Impact#

If exploited, unauthorized users could read, modify, or delete sensitive data stored in the Glacier Vault. This exposes your organization to data breaches, loss of critical backups, and potential regulatory non-compliance.