H3-2024-0009

AWS Privilege Escalation - iam:CreatePolicyVersion

Category	SECURITY_MISCONFIGURATION
Base Score	9

Description

An AWS user or role assigned the iam:CreatePolicyVersion permission, that is not an administrator, can assign an AWS user or role administrator permissions.

Impact

This misconfiguration permits an AWS user or role to escalate to administrator permissions.

References

• CreatePolicyVersion - Documentation