medium

AWS Directory Service not checking iam:PassRole on EnableRoleAccess

Published Wed, Jun 7th, 2023
Platforms

Summary

AWS Directory Service didn't check the iam:PassRole permissions when using the EnableRoleAccess action. This could have been used for privilege escalation by an authenticated user with sufficient permissions (ds:EnableRoleAccess), if the role had a trust policy that allowed use by Directory Service.

Affected Services

Directory Service

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Entry Status
Finalized
Disclosure Date
Fri, Apr 7th, 2023
Exploitablity Period
Until 2023-04-24
Known ITW Exploitation
-
Detection Methods
Roles trusting Directory Service being assumed by unexpected users.
Piercing Index Rating
5.29
(PI:1.5/A3:1/A4:1/A5:1/A6:6/A7:1.1)
Discovered by
Ben Bridts, Cloudar