Detected wildcard access granted to sts:AssumeRole. This means anyone with your AWS account ID and the name of the role can assume the role. Instead, limit to a specific identity in your account, like this: arn:aws:iam::<account_id>:root.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-250: Execution with Unnecessary Privileges
OWASP:
- A06:2017 - Security Misconfiguration
- A05:2021 - Security Misconfiguration

public-s3-bucket
Detected public S3 bucket. This policy allows anyone to have some kind of access to the bucket. The exact level of access and the types of actions allowed depend on the configuration of the bucket policy and ACLs. Review the bucket configuration to make sure both are set to the intended values.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-264: CWE CATEGORY: Permissions, Privileges, and Access Controls
OWASP:
- A01:2021 - Broken Access Control

public-s3-policy-statement
Detected public S3 bucket policy. This policy allows anyone to access certain properties of or items in the bucket. Do not do this unless you will never have sensitive data inside the bucket.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-264: CWE CATEGORY: Permissions, Privileges, and Access Controls
OWASP:
- A01:2021 - Broken Access Control