Our research team at Tenchi found some apparently insecure use of wildcards (*) in your Custom Lambda Authorizer. Precisely here. When you use wildcards anywhere in policy resources other than at the very end and after a slash, you're very likely to be allowing your users to access more API endpoints than you intended. This is because the wildcard (*) doesn't stop expanding at slashes (/), as the AWS documentation stated up until very recently. For clarification, please check out our blog post about the subject at Tenchi Security.
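The following is an added illustration, not code from the issue, the reporter, or the repository's authorizer. It models the matching behaviour the report describes (a `*` in a policy `Resource` matches any run of characters, slashes included) against a handful of constructed API Gateway method ARNs, and includes a small audit helper that flags the wildcard placements the report calls out. The API id, account id, stage and paths are made up, and the `wildcard_is_safe` rule is the report's own criterion (a single `*`, at the very end, right after a `/`), not an AWS API.

```python
import re
from typing import Iterable, List

# Constructed sample API id; the method ARN shape is
# arn:aws:execute-api:{region}:{account}:{apiId}/{stage}/{METHOD}/{path}
API = "arn:aws:execute-api:us-east-1:123456789012:abcdef123"

# Constructed set of endpoints the API exposes, as the ARNs the authorizer sees.
METHOD_ARNS = [
    f"{API}/prod/GET/users",
    f"{API}/prod/GET/users/42",
    f"{API}/prod/GET/users-admin",
    f"{API}/prod/DELETE/users/42",
    f"{API}/prod/GET/admin/users",
    f"{API}/prod/POST/admin/reset",
]


def policy_pattern_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate an IAM-style resource pattern to a regex.

    '*' matches any run of characters, including '/', which is the point the
    report makes; '?' matches exactly one character. Everything else is literal.
    """
    escaped = re.escape(pattern)
    escaped = escaped.replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(f"^{escaped}$")


def resource_matches(pattern: str, method_arn: str) -> bool:
    """True if the policy resource pattern grants this method ARN."""
    return policy_pattern_to_regex(pattern).match(method_arn) is not None


def allowed_endpoints(pattern: str, method_arns: Iterable[str]) -> List[str]:
    """Every ARN from the list that a single Allow resource would cover."""
    return [arn for arn in method_arns if resource_matches(pattern, arn)]


def wildcard_is_safe(pattern: str) -> bool:
    """The report's rule: a wildcard is acceptable only as a single trailing '/*'.

    Such a pattern still grants the whole subtree under that prefix, but it
    cannot spill into sibling paths or other HTTP methods the way 'users*' or
    '*/users' can.
    """
    star_count = pattern.count("*")
    if star_count == 0:
        return True
    return star_count == 1 and pattern.endswith("/*")


def audit_policy(policy: dict) -> List[str]:
    """Return the Allow-statement resources whose wildcard placement is unsafe."""
    findings: List[str] = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        resources = stmt.get("Resource", [])
        if isinstance(resources, str):
            resources = [resources]
        findings.extend(r for r in resources if not wildcard_is_safe(r))
    return findings


# Constructed policy document in the shape a Lambda authorizer returns.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "execute-api:Invoke",
            "Resource": [
                f"{API}/prod/GET/users*",    # also grants /users-admin and /users/42
                f"{API}/prod/*/users",       # also grants /admin/users
                f"{API}/prod/GET/users/*",   # subtree under /users only
            ],
        }
    ],
}


if __name__ == "__main__":
    for resource in SAMPLE_POLICY["Statement"][0]["Resource"]:
        tag = "ok    " if wildcard_is_safe(resource) else "RISKY "
        print(tag, resource)
        for arn in allowed_endpoints(resource, METHOD_ARNS):
            print("        grants", arn.removeprefix(API))
    print("audit findings:", audit_policy(SAMPLE_POLICY))
```

Running it shows `GET/users*` covering `GET/users-admin` and `*/users` covering `GET/admin/users`, which is exactly the over-grant the report warns about; `GET/users/*` stays inside the `/users` subtree. The same `audit_policy` check can be run over an authorizer's output in a unit test so a new wildcard placement fails CI before it reaches a stage.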