CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard

Security

wildcard-assume-role

Detected wildcard access granted to sts:AssumeRole. This means anyone with your AWS account ID and the name of the role can assume the role. Instead, limit to a specific identity in your account, like this: arn:aws:iam::<account_id>:root.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-250: Execution with Unnecessary Privileges
OWASP:
- A06:2017 - Security Misconfiguration
- A05:2021 - Security Misconfiguration

public-s3-bucket

Detected public S3 bucket. This policy allows anyone to have some kind of access to the bucket. The exact level of access and types of actions allowed will depend on the configuration of bucket policy and ACLs. Please review the bucket configuration to make sure they are set with intended values.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-264: CWE CATEGORY: Permissions, Privileges, and Access Controls
OWASP:
- A01:2021 - Broken Access Control

public-s3-policy-statement

Detected public S3 bucket policy. This policy allows anyone to access certain properties of or items in the bucket. Do not do this unless you will never have sensitive data inside the bucket.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-264: CWE CATEGORY: Permissions, Privileges, and Access Controls
OWASP:
- A01:2021 - Broken Access Control

Assistant
Responses are generated using AI and may contain mistakes.
twitterlinkedin
Powered by Mintlify
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
    • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database

    Security

    wildcard-assume-role

    Detected wildcard access granted to sts:AssumeRole. This means anyone with your AWS account ID and the name of the role can assume the role. Instead, limit to a specific identity in your account, like this: arn:aws:iam::<account_id>:root.
    Likelihood: HIGH
    Confidence: MEDIUM
    CWE:
    - CWE-250: Execution with Unnecessary Privileges
    OWASP:
    - A06:2017 - Security Misconfiguration
    - A05:2021 - Security Misconfiguration

    public-s3-bucket

    Detected public S3 bucket. This policy allows anyone to have some kind of access to the bucket. The exact level of access and types of actions allowed will depend on the configuration of bucket policy and ACLs. Please review the bucket configuration to make sure they are set with intended values.
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-264: CWE CATEGORY: Permissions, Privileges, and Access Controls
    OWASP:
    - A01:2021 - Broken Access Control

    public-s3-policy-statement

    Detected public S3 bucket policy. This policy allows anyone to access certain properties of or items in the bucket. Do not do this unless you will never have sensitive data inside the bucket.
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-264: CWE CATEGORY: Permissions, Privileges, and Access Controls
    OWASP:
    - A01:2021 - Broken Access Control

    Assistant
    Responses are generated using AI and may contain mistakes.
    twitterlinkedin
    Powered by Mintlify