H3-2024-0016
AWS Privilege Escalation - iam:AttachGroupPolicy
Category | SECURITY_MISCONFIGURATION |
Base Score | 9 |
Description
An AWS user or role that is not an administrator but has been assigned the iam:AttachGroupPolicy permission can grant an AWS user administrator permissions by attaching an administrator policy to a group that user is a member of.
Impact
This misconfiguration permits an AWS user to escalate to administrator permissions.
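To triage for the misconfiguration described above, the following added example (not part of the original advisory) scans an IAM policy document for Allow statements that grant iam:AttachGroupPolicy, including through wildcards. The function name, the sample policy, its Sids and the account ID are constructed for illustration, and the check assumes the policy is attached to a non-administrator principal.

```python
import fnmatch

TARGET = "iam:attachgrouppolicy"  # IAM action names match case-insensitively

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action, Resource."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def find_attach_group_policy_grants(policy_doc):
    """Return one finding per Allow statement that permits iam:AttachGroupPolicy.

    Triage heuristic only: Deny statements, permission boundaries and SCPs
    are not evaluated, and only a bare "*" Resource counts as unscoped.
    """
    findings = []
    for stmt in _as_list(policy_doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        # Action entries may contain wildcards such as iam:* or iam:Attach*.
        matched = [a for a in _as_list(stmt.get("Action"))
                   if fnmatch.fnmatchcase(TARGET, a.lower())]
        if not matched:
            continue
        # Unscoped: applies to every group and has no Condition
        # (such as iam:PolicyARN) limiting which policy may be attached.
        unscoped = "*" in _as_list(stmt.get("Resource")) and not stmt.get("Condition")
        findings.append({"sid": stmt.get("Sid"), "actions": matched,
                         "unscoped": unscoped})
    return findings

# Constructed sample policy (account ID, group names and Sids are placeholders).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "GroupAdmin", "Effect": "Allow",
         "Action": "iam:AttachGroupPolicy", "Resource": "*"},
        {"Sid": "ScopedAttach", "Effect": "Allow",
         "Action": ["iam:Attach*", "iam:ListGroups"],
         "Resource": "arn:aws:iam::111122223333:group/developers",
         "Condition": {"ArnEquals": {"iam:PolicyARN":
             "arn:aws:iam::111122223333:policy/developers-baseline"}}},
        {"Sid": "ReadOnly", "Effect": "Allow",
         "Action": "s3:GetObject", "Resource": "*"},
        {"Sid": "Guardrail", "Effect": "Deny", "Action": "iam:AttachGroupPolicy",
         "Resource": "arn:aws:iam::111122223333:group/admins"},
    ],
}

if __name__ == "__main__":
    for finding in find_attach_group_policy_grants(SAMPLE_POLICY):
        print(finding)
```

Findings with `unscoped` set to true are the ones to review first; scoped grants still deserve a check that the permitted policy ARN is not itself an administrator policy.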