PrivilegeEscalationRule bypass
destroy-everything opened this issue · comments
I can bypass the PrivilegeEscalationRule by simply changing the case of my IAM policy.
eg this passes
iam:CreateAccessKey
but changing to
IAM:CreateAccessKey
will fail, however in the documentation the correct way to specify an iam policy is with all lower case, so the use of intersection should be changed to be case-insensitive (search for IAM: on this page https://docs.aws.amazon.com/comprehend/latest/dg/access-control-managing-permissions.html
Good spot - we are working on fixes and hope to push them shortly!
Thanks for the contribution :)
This should now be fixed - there was an issue with the pycfmodel
library we were using where it was not correctly picking up some policy values. Have pushed cfripper 0.5.0 to PyPi. We now force intersection of the two lists to be lower case, so it should catch all cases.
Thanks again for the contribution :D