Json Yaml Cors Unrestricted Origin In Policy
Description
Detects misconfigured CORS policies in AWS SAM templates that allow requests from any origin (*). With a wildcard origin, any website can have a visitor's browser issue cross-origin requests to your API and read the responses, so a malicious page can interact with the API and access the data it serves.
Detection Strategy
• Search for CORS configuration properties named 'AllowOrigin' or 'AllowOrigins' in AWS SAM template files
• Check if these properties are set to a wildcard value (*) within Api, Cors, or Globals sections
• Report a vulnerability when a CORS policy is found that allows unrestricted access from any origin
• Only flag configurations where the origin value, once surrounding quotes are removed, is exactly '*'. SAM templates normally write it as "'*'" (single quotes inside double quotes) because the value is passed verbatim into the Access-Control-Allow-Origin header, so the quotes are stripped before comparing.
Vulnerable code example
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: API with insecure CORS
Globals:
  Api:
    Cors:
      AllowOrigin: "'*'" # Vulnerable: allows requests from any origin
Secure code example
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: API with secure CORS configuration
Globals:
  Api:
    TracingEnabled: true
    Cors:...
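The following script is an added worked example, not Fluid Attacks' scanner code, that applies the detection strategy above to two constructed SAM templates: one with the wildcard origin shown in the vulnerable example and one restricted to a single trusted origin like the secure example. It assumes the templates are in SAM's JSON form (a YAML template would first need a parser such as PyYAML's safe_load, which is not imported here). Two generalisations beyond the rule text are marked as assumptions in the code: it also looks inside a CorsConfiguration block (HTTP APIs), and it treats SAM's string shorthand Cors: "'*'" as an AllowOrigin value.

```python
import json
from typing import Any, Iterator, List, Tuple

# Property names the rule looks for (see "Detection Strategy").
ORIGIN_KEYS = ("AllowOrigin", "AllowOrigins")

# Sections in which a wildcard origin is reported. Api, Cors and Globals come
# from the rule text; CorsConfiguration (AWS::Serverless::HttpApi) is an
# assumption added here so HTTP API resources are covered too.
CORS_SECTIONS = ("Api", "Cors", "Globals", "CorsConfiguration")

# Constructed sample templates (not taken from any real project).
VULNERABLE_TEMPLATE = """
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Transform": "AWS::Serverless-2016-10-31",
  "Globals": {"Api": {"Cors": {"AllowOrigin": "'*'"}}},
  "Resources": {
    "HttpApi": {
      "Type": "AWS::Serverless::HttpApi",
      "Properties": {"CorsConfiguration": {"AllowOrigins": ["https://app.example.com", "*"]}}
    }
  }
}
"""

SECURE_TEMPLATE = """
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Transform": "AWS::Serverless-2016-10-31",
  "Globals": {"Api": {"Cors": {
    "AllowOrigin": "'https://app.example.com'",
    "AllowMethods": "'GET,POST,OPTIONS'",
    "AllowHeaders": "'Content-Type,Authorization'"
  }}},
  "Resources": {
    "AdminApi": {
      "Type": "AWS::Serverless::Api",
      "Properties": {"StageName": "prod", "Cors": "'https://admin.example.com'"}
    }
  }
}
"""


def is_wildcard(value: Any) -> bool:
    """True when the origin is exactly '*' after surrounding quotes are removed.

    SAM copies the string verbatim into Access-Control-Allow-Origin, so
    templates write "'*'"; both the quoted and bare forms are flagged.
    A list (AllowOrigins) is flagged if any entry is the wildcard.
    """
    if isinstance(value, list):
        return any(is_wildcard(v) for v in value)
    if not isinstance(value, str):
        return False
    return value.strip().strip("'\"").strip() == "*"


def walk(node: Any, path: List[str]) -> Iterator[Tuple[List[str], str, Any]]:
    """Yield (path, key, value) for every mapping entry in the template tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield path, key, value
            yield from walk(value, path + [key])
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from walk(item, path + [f"[{i}]"])


def find_unrestricted_origins(template: dict) -> List[str]:
    """Return the paths of every CORS origin setting that allows any origin."""
    findings = []
    for path, key, value in walk(template, []):
        in_cors_section = any(p in CORS_SECTIONS for p in path)
        if key in ORIGIN_KEYS and in_cors_section and is_wildcard(value):
            findings.append("/".join(path + [key]))
        # Assumption: SAM's shorthand `Cors: "'...'"` is the AllowOrigin value.
        elif key == "Cors" and isinstance(value, str) and is_wildcard(value):
            findings.append("/".join(path + [key]))
    return findings


def scan(template_text: str) -> List[str]:
    """Parse a JSON-form SAM template and report unrestricted origins."""
    return find_unrestricted_origins(json.loads(template_text))


if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE_TEMPLATE), ("secure", SECURE_TEMPLATE)):
        print(name, scan(text))
```

Running the script reports the Globals wildcard and the "*" entry in the HTTP API's AllowOrigins list for the first template and nothing for the second. Note that the fix is to name the origins that legitimately call the API, as in the secure example; a pattern such as "'*.example.com'" is not a wildcard to the rule (or to browsers, which compare the header value literally), so it would silently break CORS rather than weaken it.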