Aws
Security
wildcard-assume-role
wildcard-assume-role
Detected wildcard access granted to sts:AssumeRole. This means anyone with your AWS account ID and the name of the role can assume the role. Instead, limit to a specific identity in your account, like this:
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-250: Execution with Unnecessary Privileges
OWASP:
- A06:2017 - Security Misconfiguration
- A05:2021 - Security Misconfiguration
arn:aws:iam::<account_id>:root.Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-250: Execution with Unnecessary Privileges
OWASP:
- A06:2017 - Security Misconfiguration
- A05:2021 - Security Misconfiguration
public-s3-bucket
public-s3-bucket
Detected public S3 bucket. This policy allows anyone to have some kind of access to the bucket. The exact level of access and types of actions allowed will depend on the configuration of bucket policy and ACLs. Please review the bucket configuration to make sure they are set with intended values.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-264: CWE CATEGORY: Permissions, Privileges, and Access Controls
OWASP:
- A01:2021 - Broken Access Control
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-264: CWE CATEGORY: Permissions, Privileges, and Access Controls
OWASP:
- A01:2021 - Broken Access Control
public-s3-policy-statement
public-s3-policy-statement
Detected public S3 bucket policy. This policy allows anyone to access certain properties of or items in the bucket. Do not do this unless you will never have sensitive data inside the bucket.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-264: CWE CATEGORY: Permissions, Privileges, and Access Controls
OWASP:
- A01:2021 - Broken Access Control
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-264: CWE CATEGORY: Permissions, Privileges, and Access Controls
OWASP:
- A01:2021 - Broken Access Control