
[Contribution] AWS: IAM role trust policy condition validation bug #289

Closed
Frichetten opened this issue Apr 10, 2024 · 0 comments
Labels
addition New security issue or vulnerability aws Issue related to an AWS service

Comments

@Frichetten
Contributor

Summary

The tag variable names affected whether trust policy conditions were evaluated correctly.

If the request tag referenced a principal tag called MemberRole in the JWT token, and the IAM role referenced a resource tag with the same variable name, the condition was always evaluated as true, regardless of whether the tag's values actually matched. This is how test users with stedi:readonly permissions in Stedi gained unauthorized admin access to their AWS accounts.

References (provide links to blogposts, etc.)

We discovered an AWS access vulnerability
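As an added defensive check (not part of this issue or the open-cvdb project): a small Python linter that flags IAM trust policies whose Condition compares a requester-side tag (aws:PrincipalTag/X or aws:RequestTag/X) against the ${aws:ResourceTag/X} policy variable carrying the same tag name, the pattern the summary describes. The policy documents, account id and identity-provider ARN are constructed samples, and the exact shape of the original Stedi condition is an assumption.

```python
import json
import re

# Constructed sample policies (not the original Stedi trust policy, whose exact
# text is not in the issue). The first compares a principal tag named MemberRole
# against the resource tag of the same name, the pattern the issue describes.
AFFECTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/idp.example.invalid"},
        "Action": ["sts:AssumeRoleWithWebIdentity", "sts:TagSession"],
        "Condition": {"StringEquals": {
            "aws:PrincipalTag/MemberRole": "${aws:ResourceTag/MemberRole}"}},
    }],
})
# Same trust relationship, but the tag is compared with a literal value instead of
# a policy variable, so no same-name tag collision is possible.
LITERAL_POLICY = AFFECTED_POLICY.replace("${aws:ResourceTag/MemberRole}", "admin")

RESOURCE_TAG_VAR = re.compile(r"^\$\{aws:ResourceTag/([^}]+)\}$", re.IGNORECASE)
REQUESTER_TAG_KEY = re.compile(r"^aws:(PrincipalTag|RequestTag)/(.+)$", re.IGNORECASE)


def find_same_name_tag_comparisons(policy_json: str) -> list[dict]:
    """Return one finding per condition entry that compares a requester-side tag
    (aws:PrincipalTag/X or aws:RequestTag/X) against ${aws:ResourceTag/X},
    i.e. the same tag name on both sides of the comparison."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be unwrapped
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        for operator, pairs in stmt.get("Condition", {}).items():
            for key, values in pairs.items():
                key_match = REQUESTER_TAG_KEY.match(key)
                if not key_match:
                    continue
                for value in (values if isinstance(values, list) else [values]):
                    var_match = RESOURCE_TAG_VAR.match(str(value))
                    # Condition keys are case-insensitive, so compare names lowercased.
                    if var_match and var_match.group(1).lower() == key_match.group(2).lower():
                        findings.append({"statement": idx, "operator": operator,
                                         "condition_key": key, "tag_name": key_match.group(2)})
    return findings


if __name__ == "__main__":
    for f in find_same_name_tag_comparisons(AFFECTED_POLICY):
        print(f"statement {f['statement']}: {f['operator']} {f['condition_key']} "
              f"is compared against the resource tag of the same name ({f['tag_name']})")
```

Run it over exported role trust policies to list the roles that rely on this comparison shape and deserve a manual re-check.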

@Frichetten Frichetten added the addition New security issue or vulnerability label Apr 10, 2024
ramimac added a commit to ramimac/open-cvdb that referenced this issue Apr 19, 2024
@korniko98 korniko98 added the aws Issue related to an AWS service label Apr 28, 2024
@mer-b mer-b closed this as completed in 59e5320 Jul 23, 2024