Merge pull request #49 from ThomasLachaux/patch-1

fix(aws-glue-privesc.md): add condition on glue pass-role attack
HackTricks-wiki · Apr 30, 2024 · 79f62ea · 79f62ea
2 parents 1dd3f70 + 43b52d6
commit 79f62ea
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pentesting-cloud/aws-security/aws-privilege-escalation/aws-glue-privesc.md b/pentesting-cloud/aws-security/aws-privilege-escalation/aws-glue-privesc.md
@@ -18,7 +18,7 @@ Other ways to support HackTricks:
 
 ### `iam:PassRole`, `glue:CreateDevEndpoint`, (`glue:GetDevEndpoint` | `glue:GetDevEndpoints`)
 
-Users with these permissions can **set up a new AWS Glue development endpoin**t, **assigning an existing service role** with specific permissions to this endpoint.
+Users with these permissions can **set up a new AWS Glue development endpoint**, **assigning an existing service role assumable by Glue** with specific permissions to this endpoint.
 
 After the setup, the **attacker can SSH into the endpoint's instance**, and steal the IAM credentials of the assigned role: