FIN-650
Vendor: Wiz
What It Detects
Identifies cloud identities that have the IAM PassRole permission, which allows them to assign IAM roles to other services or resources. PassRole is a well-known privilege escalation vector — an identity with PassRole can effectively grant itself higher privileges by passing a more permissive role to a service it controls.
MITRE ATT&CK Techniques
Checks (read-only)
Field | Operator | Value
Connectors | match | Wiz
Extra Data | and | [{'key': 'Key', 'value': 'wiz.no_iam_passrole', 'operator': 'match'}, {'key': 'Value', 'value': 0, 'operator': 'match'}]
Remediation
Why It Matters