Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
Wiz
FIN-747
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Not Verified
What It Detects
An internet-facing asset has IAM PassRole permission, allowing it to pass any IAM role to AWS services. If this public-facing asset is compromised, the attacker can use PassRole to escalate privileges by assuming roles with higher permissions across the account.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
Connectors
match
Wiz
Extra Data
and
[{'key': 'Key', 'value': 'wiz.no_iam_passrole', 'operator': 'match'}, {'key': 'Value', 'value': 0, 'operator': 'match'}]
Public Facing (True/False)
==
1
Remediation
×
×
×
×
+ Add item
Why It Matters
×
×
×
+ Add item
Save Changes
Export Lucidum