Property

Language: hcl
Severity: high
CWE: CWE-732: Incorrect Permission Assignment for Critical Resource
OWASP: A05:2021 - Security Misconfiguration
Confidence Level: High
Impact Level: Medium
Likelihood Level: Medium

Description

The Lambda permission grants access to an AWS service principal without restricting which resource can invoke the function (missing ‘source_arn’). This means any resource from that service, in any AWS account, could potentially invoke your Lambda function.
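The following Terraform snippet is an added illustration, not code from the original page or from any particular project. It places the unrestricted permission next to the corrected one; the resource names (`aws_lambda_function.example`, `aws_s3_bucket.uploads`) and the S3 service principal are assumptions chosen for the example.

```hcl
# Added example (not from the original page). Resource names are placeholders.
#
# Weak form: the S3 service principal may invoke the function, but nothing says
# WHICH bucket. Any S3 bucket, in any AWS account, can be pointed at this function.
resource "aws_lambda_permission" "allow_s3_unrestricted" {
  statement_id  = "AllowExecutionFromS3"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.example.function_name
  principal     = "s3.amazonaws.com"
  # Missing source_arn: the permission is not tied to a specific resource.
}

# Corrected form: source_arn pins the permission to one bucket, and
# source_account additionally rejects requests that originate from another
# account even if they present a matching ARN.
resource "aws_lambda_permission" "allow_s3_restricted" {
  statement_id   = "AllowExecutionFromS3"
  action         = "lambda:InvokeFunction"
  function_name  = aws_lambda_function.example.function_name
  principal      = "s3.amazonaws.com"
  source_arn     = aws_s3_bucket.uploads.arn
  source_account = data.aws_caller_identity.current.account_id
}
```

After applying the corrected resource, the function's resource-based policy (visible with `aws lambda get-policy --function-name <name>`) carries an `ArnLike` condition on `AWS:SourceArn` and a `StringEquals` condition on `AWS:SourceAccount`; a policy statement for a service principal that has no `Condition` block at all is the pattern this rule flags.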

Impact

If exploited, unauthorized users could use their own AWS resources to trigger your Lambda function, leading to unexpected execution, data leaks, or increased costs. This broad access increases the risk of abuse or compromise of your application’s functionality.