Property
Language: terraform
Severity: medium
Service: iam
Provider: aws
Vulnerability Type: omission

Description

An IAM policy grants the `iam:PassRole` action with `Resource: "*"` (or an equally broad wildcard), so the principal can pass any role in the account to any AWS service that accepts one (EC2 instance profiles, Lambda execution roles, ECS task roles, CloudFormation service roles, and so on). `iam:PassRole` is not an API call of its own: it is evaluated when the principal makes the service call that attaches the role, so an unscoped grant combined with permission to create or update such a resource is a well-known privilege-escalation path.

Impact

A principal holding this grant, together with a permission such as `lambda:CreateFunction`, `ec2:RunInstances` or `ecs:RegisterTaskDefinition`, can pass a role more privileged than its own to a resource it controls and then act with that role's permissions. If an administrative role is passable, this is a direct route to account takeover: unauthorized access to sensitive data, changes to IAM itself, and persistence through resources that keep running under the passed role.

Resolution

Remove `iam:PassRole` where it is not needed. Where it is needed, scope the statement's `Resource` to the exact role ARNs the principal may pass and add an `iam:PassedToService` condition naming the service principal that is allowed to receive the role (for example `lambda.amazonaws.com`), so the role cannot be handed to an unrelated service. Also restrict the companion permissions (`lambda:CreateFunction`, `ec2:RunInstances`, ...) to the resources the principal actually manages. IAM Access Analyzer policy validation reports an unscoped PassRole as a security warning, which makes a useful pre-merge check for Terraform-managed policies.
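The following is an added Terraform example, not code from this policy page or from any project it describes. It shows the flagged pattern next to a corrected version: the first policy allows any role to be passed anywhere, the second limits `iam:PassRole` to one execution role, constrains the receiving service with `iam:PassedToService`, and scopes the Lambda permissions that would otherwise complete the escalation. The role and policy names, the account ID 123456789012, and the `us-east-1` region are placeholders chosen for the example.

```terraform
# Vulnerable: iam:PassRole with Resource "*" next to lambda:CreateFunction.
# A principal with this policy can create a function that runs under ANY
# role in the account, including administrative ones, and invoke it.
resource "aws_iam_policy" "pass_any_role" {
  name = "pass-any-role" # placeholder name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["iam:PassRole", "lambda:CreateFunction", "lambda:InvokeFunction"]
      Resource = "*"
    }]
  })
}

# The only role the principal should be allowed to pass (placeholder role).
resource "aws_iam_role" "lambda_exec" {
  name = "example-lambda-exec" # placeholder name
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "lambda.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

# Hardened: PassRole scoped to one role ARN and to one receiving service,
# and the Lambda permissions scoped to the functions this principal owns.
data "aws_iam_policy_document" "pass_lambda_role_only" {
  statement {
    sid       = "PassOnlyTheLambdaExecRole"
    effect    = "Allow"
    actions   = ["iam:PassRole"]
    resources = [aws_iam_role.lambda_exec.arn]

    # Without this condition the same role could be passed to EC2, ECS,
    # CloudFormation, etc. if the principal also had those permissions.
    condition {
      test     = "StringEquals"
      variable = "iam:PassedToService"
      values   = ["lambda.amazonaws.com"]
    }
  }

  statement {
    sid     = "ManageOwnFunctions"
    effect  = "Allow"
    actions = ["lambda:CreateFunction", "lambda:UpdateFunctionConfiguration", "lambda:InvokeFunction"]
    # Placeholder account ID and region; functions are restricted by name prefix.
    resources = ["arn:aws:lambda:us-east-1:123456789012:function:example-*"]
  }
}

resource "aws_iam_policy" "pass_lambda_role_only" {
  name   = "pass-lambda-role-only" # placeholder name
  policy = data.aws_iam_policy_document.pass_lambda_role_only.json
}
```

Both `resources` and the `iam:PassedToService` condition matter: the ARN limits which role can be passed, the condition limits where it can be passed to, and neither substitute for the other. Keeping the scanner finding out of future changes is simplest when the policy is expressed through `aws_iam_policy_document`, since a reviewer can see at a glance whether any `iam:PassRole` statement carries a wildcard resource.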