Closed ncc-erik-steringer closed 2 years ago
Describe the bug
PMapper is supposed to identify when someone can abuse cloudformation:UpdateStack to leverage a stack for extra permissions. It appears this did not happen per https://labs.bishopfox.com/tech-blog/iam-vulnerable-assessing-the-aws-assessment-tools#What-privesc%20paths%20does%20each%20tool%20support .
cloudformation:UpdateStack
TODOs
Fix made in 29a57ee and will be included in v1.1.4 release. Source of the bug was a miss on capitalization!
v1.1.4 is out, closing.
Describe the bug
PMapper is supposed to identify when someone can abuse
cloudformation:UpdateStack
to leverage a stack for extra permissions. It appears this did not happen per https://labs.bishopfox.com/tech-blog/iam-vulnerable-assessing-the-aws-assessment-tools#What-privesc%20paths%20does%20each%20tool%20support .TODOs