2 matches found
CVE-2025-14503 Overly Permissive Trust Policy in Harmonix on AWS EKS
An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM...
Overly Permissive Trust Policies
aws-cdk is vulnerable to Overly Permissive Trust Policies. The vulnerability exists because the library's CreationRole and the default MastersRole use the account root principal in their trust policy, which allows eks.Cluster and eks.FargateCluster construct clusters to create two roles that have...