GHSA-Q4PP-J36H-3GQG Minimal `basti` IAM Policy Allows Shell Access

Summary The provided Minimal IAM Policy for bastic connect does not include ssm:SessionDocumentAccessCheck. This results in the ability to get a shell session on the bastion, not just the intended access for Port Forwarding. Details basti connect is designed to "securely connect to your...

PT-2023-33051 · Unknown · Basti Connect

Name of the Vulnerable Software and Affected Versions: Basti connect affected versions not specified Description: The Minimal IAM Policy for basti connect lacks the ssm:SessionDocumentAccessCheck condition, allowing users to obtain a shell session on the bastion, beyond the intended access for po...