Json Yaml Overpermissive Attach User Policy
Description
Detects privilege escalation vulnerabilities in AWS CloudFormation templates where IAM policies are overly permissive in their policy attachment permissions. This could allow users to escalate their privileges by attaching additional policies to themselves or other users, potentially gaining unauthorized access to AWS resources.
Detection Strategy
• Scans CloudFormation templates for IAM policy resource definitions
• Identifies policy statements that grant permissions related to attaching IAM policies (e.g., iam:AttachUserPolicy, iam:AttachRolePolicy)
• Checks if the policy allows attaching policies without sufficient restrictions on which policies can be attached
• Reports a vulnerability when a policy allows unrestricted ability to attach IAM policies, which could enable privilege escalation
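The four steps above, as an added example that is not Fluid Attacks' own scanner: it walks the Resources of a JSON CloudFormation template (parsed with the standard json module; YAML templates would need a loader that understands CloudFormation tags, which is out of scope here), collects every policy document carried by managed policies, inline policies and the Policies property of users, roles and groups, and flags Allow statements whose Action covers iam:AttachUserPolicy or iam:AttachRolePolicy (iam:AttachGroupPolicy is included as a generalization, and wildcard patterns such as iam:* or * are expanded) when the Resource is '*' or no Condition restricts which policy may be attached via the iam:PolicyARN condition key. The sample template, the resource names AdminUser and ScopedPolicy, and the secure statement's shape are constructed for this example.

```python
import json
from fnmatch import fnmatchcase

# Actions that let a principal attach managed policies (lower-cased for matching).
ATTACH_ACTIONS = ("iam:attachuserpolicy", "iam:attachrolepolicy", "iam:attachgrouppolicy")
# IAM condition key that restricts WHICH policy ARN may be attached.
POLICY_ARN_KEY = "iam:policyarn"


def _as_list(value):
    """IAM allows scalars or lists for Action/Resource/Statement; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants_attach(actions):
    """True if any action pattern (possibly a wildcard like iam:* or *) covers an attach action."""
    for pattern in _as_list(actions):
        if isinstance(pattern, str) and any(fnmatchcase(a, pattern.lower()) for a in ATTACH_ACTIONS):
            return True
    return False


def _restricts_policy_arn(condition):
    """True if some condition operator (ArnEquals, StringEquals, ...) constrains iam:PolicyARN."""
    if not isinstance(condition, dict):
        return False
    return any(isinstance(keys, dict) and any(k.lower() == POLICY_ARN_KEY for k in keys)
               for keys in condition.values())


def _policy_documents(resource):
    """Yield (label, policy document) for every policy document a template resource carries."""
    props = resource.get("Properties") or {}
    rtype = resource.get("Type", "")
    if rtype in ("AWS::IAM::ManagedPolicy", "AWS::IAM::Policy") and "PolicyDocument" in props:
        yield "PolicyDocument", props["PolicyDocument"]
    if rtype in ("AWS::IAM::User", "AWS::IAM::Role", "AWS::IAM::Group"):
        for inline in _as_list(props.get("Policies")):
            if isinstance(inline, dict) and "PolicyDocument" in inline:
                yield "Policies/" + str(inline.get("PolicyName", "?")), inline["PolicyDocument"]


def find_overpermissive_attach(template):
    """Return one finding per Allow statement that grants attach rights without restricting the policy."""
    findings = []
    for name, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict):
            continue
        for label, doc in _policy_documents(resource):
            for idx, stmt in enumerate(_as_list((doc or {}).get("Statement"))):
                if not isinstance(stmt, dict) or stmt.get("Effect") != "Allow":
                    continue
                if not _grants_attach(stmt.get("Action")):
                    continue
                reasons = []
                # Intrinsic functions (Ref, Fn::Sub) arrive as dicts and never equal the bare '*'.
                if any(r == "*" for r in _as_list(stmt.get("Resource"))):
                    reasons.append("Resource is '*'")
                if not _restricts_policy_arn(stmt.get("Condition")):
                    reasons.append("no iam:PolicyARN condition")
                if reasons:
                    findings.append({"resource": name, "document": label,
                                     "statement": idx, "reasons": reasons})
    return findings


def scan_json(text):
    """Entry point for a JSON template on disk or from a pipeline."""
    return find_overpermissive_attach(json.loads(text))


# Constructed sample: one vulnerable managed policy, one user with an inline iam:* policy,
# and one policy scoped to a single user and a single allowed policy ARN.
SAMPLE_TEMPLATE = {
    "Parameters": {"TargetUserName": {"Type": "String"}, "AllowedPolicyArn": {"Type": "String"}},
    "Resources": {
        "DangerousPolicy": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {"PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "iam:AttachUserPolicy", "Resource": "*"}]}}},
        "AdminUser": {"Type": "AWS::IAM::User", "Properties": {"Policies": [{"PolicyName": "inline",
            "PolicyDocument": {"Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": ["iam:*"], "Resource": ["*"]}]}}]}},
        "ScopedPolicy": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {"PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "iam:AttachUserPolicy",
                "Resource": {"Fn::Sub": "arn:aws:iam::${AWS::AccountId}:user/${TargetUserName}"},
                "Condition": {"ArnEquals": {"iam:PolicyARN": {"Ref": "AllowedPolicyArn"}}}}]}}},
    },
}

if __name__ == "__main__":
    for finding in find_overpermissive_attach(SAMPLE_TEMPLATE):
        print(finding)
```

Run on the sample, DangerousPolicy and AdminUser are reported (wildcard resource and no iam:PolicyARN restriction) while ScopedPolicy is not, which mirrors the vulnerable and secure examples below. A statement with a scoped Resource but no iam:PolicyARN condition is still reported, since it leaves the choice of policy to the caller.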
Vulnerable code example
Resources:
  DangerousPolicy:
    Type: 'AWS::IAM::ManagedPolicy'
    Properties:
      Description: 'Demonstrates vulnerable IAM policy'
      Path: '/'
      PolicyDocument:
        Version: '2012-10-17'
        ...
✅ Secure code example
Parameters:
  TargetUserName:
    Type: String
    Description: 'Name of user who can have policies attached'
  AllowedPolicyArn:
    Type: String
    Description: 'ARN of the specific policy that can be attached'
...