AWS Privilege Escalation By Policy Versions
Description
Detects IAM policies that allow privilege escalation through policy version manipulation. This vulnerability occurs when a policy allows both creating new policy versions and setting default versions (iam:CreatePolicyVersion and iam:SetDefaultPolicyVersion), or grants full IAM permissions (iam:*), enabling users to potentially escalate their privileges.
Detection Strategy
• Scans IAM policy statements looking for 'Allow' effects combined with risky IAM permissions
• Triggers when a policy grants both iam:CreatePolicyVersion AND iam:SetDefaultPolicyVersion permissions
• Triggers when a policy grants full IAM permissions through iam:*
• Only flags policies where these permissions are explicitly allowed and have resources specified
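The detection strategy above, written out as a small policy scanner. This is an added example, not Fluid Attacks' own detector code: it walks each statement of an IAM policy document, keeps only `Allow` statements that name at least one `Resource`, and flags a statement when its actions grant both `iam:CreatePolicyVersion` and `iam:SetDefaultPolicyVersion` or full IAM permissions via `iam:*`. It goes slightly beyond the text in one respect: action entries are matched as IAM wildcard patterns (case-insensitive, `*` and `?`), so a pair such as `iam:Create*` plus `iam:SetDefault*` is treated as granting both actions, and a bare `*` is treated like `iam:*`. The sample policies are constructed for the example; the account id and ARNs in them are placeholders.

```python
import fnmatch
import json

# The two actions that together enable escalation through policy versions.
ESCALATION_PAIR = ("iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion")
# Action patterns treated as "full IAM permissions" (bare "*" is an assumption
# of this example; it is a superset of iam:*).
FULL_IAM_PATTERNS = ("iam:*", "*")


def _as_list(value):
    """IAM accepts a single string or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def _matches(patterns, action):
    """True if any allowed action pattern matches the action.

    IAM action matching is case-insensitive and supports '*' and '?' wildcards,
    which fnmatch handles once both sides are lower-cased.
    """
    action = action.lower()
    return any(fnmatch.fnmatchcase(action, p.lower()) for p in patterns)


def find_policy_version_escalation(policy):
    """Return one finding dict per statement that matches the detection strategy."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never grant anything
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if not actions or not resources:
            continue  # only explicit allows with a resource are flagged
        reason = None
        if any(p.lower() in FULL_IAM_PATTERNS for p in actions):
            reason = "full IAM permissions (iam:*)"
        elif all(_matches(actions, a) for a in ESCALATION_PAIR):
            reason = "grants both " + " and ".join(ESCALATION_PAIR)
        if reason:
            findings.append({
                "statement": index,
                "sid": stmt.get("Sid"),
                "reason": reason,
                "resources": resources,
            })
    return findings


# Constructed sample policies (placeholder account id 123456789012).
RISKY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VersionAbuse",
        "Effect": "Allow",
        "Action": ["iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion"],
        "Resource": "arn:aws:iam::123456789012:policy/*",
    }],
})

FULL_IAM_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Sid": "AllIam", "Effect": "Allow", "Action": "iam:*", "Resource": "*"},
})

WILDCARD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "WildcardPair",
        "Effect": "Allow",
        "Action": ["iam:Create*", "iam:SetDefault*"],
        "Resource": "arn:aws:iam::123456789012:policy/team-*",
    }],
})

SAFE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        # Only one half of the pair: cannot switch the default version.
        {"Sid": "CreateOnly", "Effect": "Allow", "Action": "iam:CreatePolicyVersion",
         "Resource": "arn:aws:iam::123456789012:policy/*"},
        # Both actions, but as a Deny: grants nothing.
        {"Sid": "DenyPair", "Effect": "Deny", "Action": list(ESCALATION_PAIR),
         "Resource": "*"},
        # Both actions allowed but no Resource element: not flagged by this check.
        {"Sid": "NoResource", "Effect": "Allow", "Action": list(ESCALATION_PAIR)},
    ],
})


if __name__ == "__main__":
    for name, doc in [("risky", RISKY_POLICY), ("full-iam", FULL_IAM_POLICY),
                      ("wildcard", WILDCARD_POLICY), ("safe", SAFE_POLICY)]:
        print(name, find_policy_version_escalation(json.loads(doc)))
```

Running the block reports one finding each for the risky, full-IAM and wildcard policies and none for the safe one. The `NoResource` statement in the safe policy is kept only to mirror the "resources specified" rule; in a real identity policy a statement without `Resource` or `NotResource` would be rejected by IAM.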