all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Issue with AWS Directory Service EnableRoleAccess

Add to bookmarks
June 14, 2023, 11:59 p.m. | aws@amazon.com

Latest Bulletins aws.amazon.com

Initial Publication Date: 06/14/2023 4:30PM PDT


A researcher recently reported an issue in AWS Directory Service which would have enabled customer’s IAM principals, who are allowed to call the “EnableRoleAccess” API, to enable role access on the directory user even if that IAM principal did not have the “iam:passrole” permission. This specific issue would only occur if the calling IAM principal had permissions to call “EnableRoleAccess” API and would be limited to the customer’s account.


The issue has been remediated …

access api aws call customer directory enable iam issue permission researcher role service

Visit resource

More from aws.amazon.com / Latest Bulletins

AWS Response to March 2024 CSRB report 1 week, 6 days ago | aws.amazon.com
action aware aws benefits +16
CVE-2024-28056 2 weeks, 3 days ago | aws.amazon.com
address amplify aware aws +11
CVE-2024-3094 1 month ago | aws.amazon.com
action amazon aware aws +14
CVE-2024-21626 - Runc container issue 3 months ago | aws.amazon.com
action address amazon aware +14
CVE-2023-23583 5 months, 2 weeks ago | aws.amazon.com
aware aws cve ec2 +10
CVE-2023-5528 5 months, 2 weeks ago | aws.amazon.com
amazon amazon eks ami aware +18
CVE-2023-44487 - HTTP/2 Rapid Reset Attack 6 months, 3 weeks ago | aws.amazon.com
2 rapid reset address attack aware +16
Issue with Amazon WorkSpaces Windows Client Version 5.9 and 5.10 6 months, 3 weeks ago | aws.amazon.com
amazon aws characters client +12
Reported TorchServe Issue (CVE-2023-43654) 7 months ago | aws.amazon.com
aware aws containers customers +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Cloud Security Analyst

@ Cloud Peritus | Bengaluru, India
View on infosec-jobs.com

Cyber Program Manager - CISO- United States – Remote

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
View on infosec-jobs.com

Network Security Engineer (AEGIS)

@ Peraton | Virginia Beach, VA, United States
View on infosec-jobs.com

SC2022-002065 Cyber Security Incident Responder (NS) - MON 13 May

@ EMW, Inc. | Mons, Wallonia, Belgium
View on infosec-jobs.com

Information Systems Security Engineer

@ Booz Allen Hamilton | USA, GA, Warner Robins (300 Park Pl Dr)
View on infosec-jobs.com
View more jobs