medium

Bypassable and overly-privileged IAM policies

Published Tue, Nov 7th, 2017

Platforms

aws

Summary

AWS has previously provided managed policies or guidance in documentation for policies with mistakes that allow them to be bypassed. Additionally, some policies are over-privileged. Date of disclosure is for the first issue of this type, while references provide other examples by various individuals.

Affected Services

N/A

Remediation

Review the policies provided by AWS

Tracked CVEs

No tracked CVEs

References

https://duo.com/blog/potential-gaps-in-suggested-amazon-web-services-security-policies-for-mfahttps://summitroute.com/blog/2019/06/18/aws-iam-managed-policy-review/https://medium.com/ymedialabs-innovation/an-aws-managed-policy-that-allowed-granting-root-admin-access-to-any-role-51b409ea7ff0https://www.tenchisecurity.com/blog/thefaultinourstars

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Tue, Nov 7th, 2017

Exploitability Period

-

Known ITW Exploitation

-

Detection Methods

None

Piercing Index Rating

-

Discovered by

Multiple findings

More vulnerabilities...

low

AWS Java SDK XXE injection

aws

The AWS Java SDK was vulnerable to XML external entity (XXE) injection related to XML parsers.

Alex Brasetvik
low

Public admin access to Azure's Red Hat Update Infrastructure

azure

Full administrative access to the Azure Red Hat Enterprise Linux Appliance REST API was publicly exposed. It allowed malicious actors uploading packages that would be acquired by client virtual mac...

Ian Duffy
medium

3rd party vendor confused deputy via AssumeRole

aws

3rd party vendors can (and sometimes do) incorrectly implement sts:ExternalId in their AWS role trust policies, leading to confused deputy issues. These misconfigurations could allow customers to a...

Daniel Grzelak, Atlassian
View all