Incorrect Permission Assignment for Critical Resource
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-732: Incorrect Permission Assignment for Critical Resource |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The SQS queue policy uses the wildcard `"*"` as the Principal of an Allow statement (written either as `"Principal": "*"` or `"Principal": {"AWS": "*"}`) without a Condition element narrowing who that wildcard matches. A wildcard Principal grants the statement's actions to every AWS principal, including anonymous, unauthenticated callers. Because SQS is reached through public AWS API endpoints and queue URLs follow a predictable pattern (`https://sqs.<region>.amazonaws.com/<account-id>/<queue-name>`), this effectively makes the queue public to anyone on the internet. A wildcard Principal that is scoped by a Condition such as `aws:SourceArn` or `aws:SourceAccount` (the usual shape of an SNS-to-SQS subscription policy) is a different case: it is not public in the same sense and warrants manual review of the condition rather than an automatic verdict, which is one reason the confidence level of this finding is Medium.
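To make the distinction concrete, the following added example (not part of the original page or of any scanner's own code) shows the weak policy beside a corrected one and a small audit function that classifies each Allow statement with a wildcard Principal as public (no Condition) or conditional (needs review), while ignoring Deny statements, which cannot grant access. All three policies, the account ID, the queue name, the role name and the SNS topic ARN are constructed placeholders.

```python
import json

QUEUE_ARN = "arn:aws:sqs:us-east-1:123456789012:orders-queue"  # placeholder ARN

# Constructed example of the weak setting: Principal "*" with no Condition.
# Anyone who knows the queue URL, including unauthenticated callers, can run
# every SQS action the statement allows.
PUBLIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowAll",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "sqs:*",
            "Resource": QUEUE_ARN,
        }
    ],
}

# Constructed example of the corrected setting: a named producer role with only
# sqs:SendMessage, plus a Deny that rejects non-TLS calls from anybody. The Deny
# also uses Principal "*", but a Deny cannot grant access and must not be flagged.
RESTRICTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowProducerRole",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/orders-producer"},
            "Action": ["sqs:SendMessage"],
            "Resource": QUEUE_ARN,
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "sqs:*",
            "Resource": QUEUE_ARN,
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
}

# Constructed example of the SNS-to-SQS subscription pattern: the Principal is
# still "*", but aws:SourceArn pins the caller to one topic, so the queue is
# not public. A scanner should report it for review rather than as public.
SNS_SUBSCRIPTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowSnsTopic",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "sqs:SendMessage",
            "Resource": QUEUE_ARN,
            "Condition": {
                "ArnEquals": {
                    "aws:SourceArn": "arn:aws:sns:us-east-1:123456789012:order-events"
                }
            },
        }
    ],
}


def _principal_values(principal):
    """Flatten the Principal element ("*", {"AWS": "*"}, {"AWS": [...]}) to a list."""
    if isinstance(principal, str):
        return [principal]
    values = []
    for value in principal.values():
        values.extend(value if isinstance(value, list) else [value])
    return values


def audit_queue_policy(policy):
    """Classify Allow statements that name a wildcard Principal.

    `policy` is a dict or the JSON string that GetQueueAttributes returns for
    the Policy attribute. Returns {"public": [...], "conditional": [...]} of
    statement Sids: 'public' statements have no Condition and expose the queue
    to anyone; 'conditional' ones rely on a Condition that needs human review.
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may appear un-listed
        statements = [statements]

    report = {"public": [], "conditional": []}
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot make a queue public
        if "*" not in _principal_values(stmt.get("Principal", {})):
            continue
        sid = stmt.get("Sid", f"Statement[{index}]")
        bucket = "conditional" if stmt.get("Condition") else "public"
        report[bucket].append(sid)
    return report


if __name__ == "__main__":
    for name, policy in [("public", PUBLIC_POLICY), ("restricted", RESTRICTED_POLICY),
                         ("sns-subscription", SNS_SUBSCRIPTION_POLICY)]:
        print(name, audit_queue_policy(json.dumps(policy)))
```

Run against the three constructed policies, only `AllowAll` lands in the `public` bucket; `AllowSnsTopic` is reported as `conditional` so a reviewer can confirm the `aws:SourceArn` value, and the `DenyInsecureTransport` statement is skipped despite its wildcard Principal.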
Impact
An attacker who obtains or guesses the queue URL can call the queue directly with whatever actions the statement allows. With `sqs:*` that means sending forged messages that downstream consumers will trust, receiving and deleting messages (exfiltrating data while silently starving the legitimate consumer), purging the queue, or changing its attributes and policy to lock the owner out. The consequences are loss or disclosure of sensitive message data, abuse of your AWS resources at your expense, and disruption of your application's messaging workflow.