H3-2024-0003¶

AWS Privilege Escalation - iam:AttachRolePolicy

Description¶

An AWS user or role assigned the iam:AttachRolePolicy permission, that is not an administrator, can assign an AWS role administrator permissions.

Impact¶

This misconfiguration permits an AWS role to escalate to administrator permissions.

References¶

• AttachRolePolicy - Documentation
• MITRE ATT&CK Technique: T1098.003: Account Manipulation: Additional Cloud Roles