Aws Default Event Bus Exposed
Description
Detects when the AWS default Event Bus has overly permissive access policies that allow unrestricted access from any AWS account or principal. This represents a security risk as it could allow unauthorized parties to publish events to your event bus, potentially leading to information disclosure or service disruption.
Detection Strategy
• Checks if the default Event Bus has an attached resource policy
• Identifies policy statements that grant 'Allow' permissions with a wildcard principal ('*') or {'AWS': '*'}
• Reports a vulnerability if such permissions exist without any limiting conditions in the policy statement
• Validates that the permissive access applies to the Event Bus ARN specified in the policy's Resource field
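The detection strategy above, as an added example that is not Fluid Attacks' own code: it applies the four checks offline to constructed DescribeEventBus-style responses, whose bus ARN, Sids and policy contents are assumptions shaped like a standard IAM resource policy.

```python
import json

# Constructed sample bus ARN (not from the page).
DEFAULT_BUS_ARN = "arn:aws:events:us-east-1:123456789012:event-bus/default"

def _response(statement):
    # Builds a DescribeEventBus-style response (constructed) around one statement.
    return {"Name": "default", "Arn": DEFAULT_BUS_ARN,
            "Policy": json.dumps({"Version": "2012-10-17", "Statement": [statement]})}

EXPOSED_RESPONSE = _response({
    "Sid": "OpenToWorld", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": "events:PutEvents", "Resource": DEFAULT_BUS_ARN,
})

# Same grant, but limited by a Condition, so the strategy does not report it.
RESTRICTED_RESPONSE = _response({
    "Sid": "OrgOnly", "Effect": "Allow", "Principal": "*",
    "Action": "events:PutEvents", "Resource": DEFAULT_BUS_ARN,
    "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}},
})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_principal(principal):
    # True for "*" or {"AWS": "*"} (also when "*" sits inside a list of principals).
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def audit_default_bus(response):
    """Return Sids of Allow statements with a wildcard principal, no Condition,
    and a Resource naming this bus; an absent policy yields no findings."""
    policy_text = response.get("Policy")
    if not policy_text:
        return []
    findings = []
    for idx, stmt in enumerate(_as_list(json.loads(policy_text).get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not _wildcard_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue  # a limiting condition is present
        if response["Arn"] in _as_list(stmt.get("Resource", [])):
            findings.append(stmt.get("Sid", f"statement[{idx}]"))
    return findings
```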