Skip to content

H3-2024-0003

AWS Privilege Escalation - iam:AttachRolePolicy

Category SECURITY_MISCONFIGURATION
Base Score 9

Description

An AWS user or role assigned the iam:AttachRolePolicy permission, that is not an administrator, can assign an AWS role administrator permissions.

Impact

This misconfiguration permits an AWS role to escalate to administrator permissions.

References