Json Yaml Cors Wildcard Origin Or Headers
Description
Identifies overly permissive CORS (Cross-Origin Resource Sharing) configurations in CloudFormation templates that use wildcards (*) in allowed origins. Using wildcards in CORS origin settings allows any domain to make cross-origin requests to your API, potentially enabling malicious websites to access sensitive data.
Detection Strategy
• Scan CloudFormation template files for CORS configuration blocks
• Look for properties named 'AllowedOrigins', 'AllowOrigin', or 'Origin' (case insensitive)
• Check if the value contains a wildcard character (*)
• Report a vulnerability if a wildcard is found in any of these CORS origin settings
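The four steps above as a runnable check, added here as an illustration and not Fluid Attacks' own scanner. It assumes a JSON-format CloudFormation template (a YAML template would first be loaded with a YAML parser into the same dict/list shape); the function names `find_wildcard_origins` and `scan_template` and the sample template are constructed for this example.

```python
import json
from typing import Any, Iterator

# Property names the rule inspects, compared case-insensitively,
# exactly as listed in the detection strategy above.
ORIGIN_KEYS = {"allowedorigins", "alloworigin", "origin"}


def _values(value: Any) -> list[str]:
    """Flatten a scalar or list origin value into its string entries."""
    if isinstance(value, str):
        return [value]
    if isinstance(value, list):
        return [v for v in value if isinstance(v, str)]
    return []  # intrinsic functions (Ref, Fn::Sub, ...) are not inspected here


def find_wildcard_origins(node: Any, path: str = "") -> Iterator[tuple[str, str]]:
    """Walk a parsed template and yield (property path, value) for every
    origin property whose value contains a '*' wildcard."""
    if isinstance(node, dict):
        for key, child in node.items():
            child_path = f"{path}.{key}" if path else key
            if key.lower() in ORIGIN_KEYS:
                for v in _values(child):
                    if "*" in v:
                        yield (child_path, v)
            yield from find_wildcard_origins(child, child_path)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from find_wildcard_origins(child, f"{path}[{i}]")


def scan_template(text: str) -> list[tuple[str, str]]:
    """Parse a JSON-format CloudFormation template and return all findings."""
    return list(find_wildcard_origins(json.loads(text)))


# Constructed sample: one bucket with a wildcard origin, one correctly restricted.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "OpenBucket": {"Type": "AWS::S3::Bucket", "Properties": {"CorsConfiguration": {
        "CorsRules": [{"AllowedOrigins": ["*"], "AllowedMethods": ["GET"]}]}}},
    "StrictBucket": {"Type": "AWS::S3::Bucket", "Properties": {"CorsConfiguration": {
        "CorsRules": [{"AllowedOrigins": ["https://example.com"], "AllowedMethods": ["GET"]}]}}},
}})

if __name__ == "__main__":
    for where, value in scan_template(SAMPLE_TEMPLATE):
        print(f"wildcard CORS origin at {where}: {value!r}")
```

A partial wildcard such as `https://*.example.com` is also reported, since the strategy flags any value containing the character.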
Vulnerable code example
resource "aws_s3_bucket_cors_configuration" "example" {
  bucket = aws_s3_bucket.example.id

  cors_rule {
    allowed_headers = ["*"]           # Vulnerable: allows all headers without restriction
    allowed_methods = ["PUT", "POST"]
    allowed_origins = ["*"]           # Vulnerable: allows requests from any origin
    expose_headers  = ["ETag"]
    # ... remaining attributes elided in the original
  }
}

✅ Secure code example
resource "aws_s3_bucket_cors_configuration" "example" {
  bucket = aws_s3_bucket.example.id

  cors_rule {
    allowed_headers = ["Authorization", "Content-Type", "x-requested-with"] # Explicitly list required headers instead of a wildcard
    allowed_methods = ["PUT", "POST"]
    allowed_origins = ["https://example.com"]                               # Restrict to a specific trusted domain
    expose_headers  = ["ETag"]
    # ... remaining attributes elided in the original
  }
}