H3-2024-0009¶

AWS Privilege Escalation - iam:CreatePolicyVersion

Description¶

An AWS user or role assigned the iam:CreatePolicyVersion permission, that is not an administrator, can assign an AWS user or role administrator permissions.

Impact¶

This misconfiguration permits an AWS user or role to escalate to administrator permissions.

References¶

• CreatePolicyVersion - Documentation
• MITRE ATT&CK Technique: T1098.003: Account Manipulation: Additional Cloud Roles