AWS - IAM Role Cross Service Confused Deputy Prevention #7021
Labels
bug
provider/aws
Issues/PRs related with the AWS provider
severity/low
Bug won't result in any noticeable breakdown of the execution.
Steps to Reproduce
The finding fails to acknowledge that certain AWS Service Accounts that can assume IAM roles do not pass AWS:SourceArn or AWS:SourceAccount in their request context, and so the recommendation is not correct for these account types.
Expected behavior
Identify these accounts separately and suggest other hardening mechanisms.
Actual Result with Screenshots or Logs
n/a
How did you install Prowler?
Cloning the repository from github.com (git clone)
Environment Resource
n/a to the issue. Issue is with the way the finding identifies targets.
OS used
n/a to the issue
Prowler version
latest
Pip version
latest
Context
No response
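A sketch of the behaviour requested under "Expected behavior", added here as an example and not Prowler's own code: it classifies each service principal in a role trust policy and reports separately those that cannot be hardened with `aws:SourceArn` / `aws:SourceAccount`. The service names, the exemption set and the status strings are constructed placeholders; the real set of services must come from AWS documentation.

```python
# Placeholder set (assumption): services that do not send aws:SourceArn /
# aws:SourceAccount when assuming a role. Fill in from AWS documentation.
SERVICES_WITHOUT_SOURCE_KEYS = {"svc-exempt.amazonaws.com"}
SOURCE_KEYS = {"aws:sourcearn", "aws:sourceaccount"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _has_source_condition(statement):
    # Condition keys are case-insensitive; look under every operator.
    for keys in statement.get("Condition", {}).values():
        if any(key.lower() in SOURCE_KEYS for key in keys):
            return True
    return False


def classify_trust_policy(policy):
    """Return [(service_principal, status)] for Allow statements."""
    results = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        for service in _as_list(principal.get("Service", [])):
            if service in SERVICES_WITHOUT_SOURCE_KEYS:
                # The keys are absent from this service's request context, so
                # the usual recommendation does not apply: report separately.
                status = "MANUAL"
            elif _has_source_condition(stmt):
                status = "PASS"
            else:
                status = "FAIL"
            results.append((service, status))
    return results


# Constructed trust policy with placeholder service principals.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"Service": "svc-a.amazonaws.com"},
     "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333"}}},
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"Service": ["svc-b.amazonaws.com",
                               "svc-exempt.amazonaws.com"]}},
]}
```
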