medium

Overprivileged AWS support IAM role policy

Published Wed, Dec 22nd, 2021
Platforms

Summary

AWS added an excessive s3:getObject permission to AWSSupportServiceRolePolicy IAM policy used by AWS Support teams, and removed it a day later.

Affected Services

N/A

Remediation

None required, though best practice would be to use KMS-CMK for bucket encryption and minimize privileges in resource policies.

Tracked CVEs

No tracked CVEs

References

Contributed by https://github.com/z0ph
Entry Status
Finalized
Disclosure Date
Tue, Dec 21st, 2021
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Scott Piper, Summit Route

More vulnerabilities...

medium

Overprivileged AWS support IAM role policy

AWS added an excessive s3:getObject permission to AWSSupportServiceRolePolicy IAM policy used by AWS Support teams, and removed it a day later.

...
Scott Piper, Summit Route

medium

Overprivileged AWS support IAM role policy

AWS added an excessive s3:getObject permission to AWSSupportServiceRolePolicy IAM policy used by AWS Support teams, and removed it a day later.

...
Scott Piper, Summit Route

medium

Overprivileged AWS support IAM role policy

AWS added an excessive s3:getObject permission to AWSSupportServiceRolePolicy IAM policy used by AWS Support teams, and removed it a day later.

...
Scott Piper, Summit Route

View all