ScoutSuite reported a number of SNS Topics in my account as being publicly accessible. Upon investigation, they are not. They had resource policies containing the following statements:
Since other Topics' access policies also used the condition key "AWS:SourceOwner" (spelled with upper-case "AWS") without being flagged, this is probably not the problem. The problem is most likely the "aws:PrincipalOrgID" condition key.
If this is indeed a correct analysis of the problem, it likely applies to other findings as well.
To Reproduce
I have not tried to create a reproduction case for this flaw. Let me know if you're having difficulty and I will try to help. However, I will most likely no longer have access to the account where I encountered this flaw.
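Added example, not part of the original issue and not ScoutSuite's code: a minimal check that treats a wildcard-principal `Allow` statement as public only when no condition pins the caller to an account or organization, matching condition keys case-insensitively. The set of restricting keys and operators, the function names, and the sample policy are assumptions made for illustration.

```python
# Added example, not ScoutSuite's code. Key list and sample policy are constructed.
RESTRICTING_KEYS = {"aws:principalorgid", "aws:sourceowner",
                    "aws:sourceaccount", "aws:principalaccount"}
POSITIVE_OPERATORS = {"stringequals", "stringequalsignorecase", "stringlike"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_principal(principal):
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def _condition_restricts(condition):
    for operator, keys in (condition or {}).items():
        op = operator.lower()
        # IfExists and ForAllValues pass when the key is absent from the request,
        # so they do not exclude callers that carry no such key.
        if op.endswith("ifexists") or op.startswith("forallvalues:"):
            continue
        if op.split(":")[-1] not in POSITIVE_OPERATORS:
            continue
        for key, values in keys.items():
            # Condition key names are case-insensitive: AWS:SourceOwner == aws:sourceowner.
            if key.lower() not in RESTRICTING_KEYS:
                continue
            # Conservative: a value containing a wildcard is not counted as a restriction.
            if all("*" not in str(v) and "?" not in str(v) for v in _as_list(values)):
                return True
    return False

def public_statements(policy):
    """Return the Sids of Allow statements open to any caller."""
    return [s.get("Sid", "<no Sid>") for s in _as_list(policy.get("Statement", []))
            if s.get("Effect") == "Allow"
            and _wildcard_principal(s.get("Principal"))
            and not _condition_restricts(s.get("Condition"))]

# Constructed SNS topic policy; account and organization IDs are placeholders.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "OrgOnly", "Effect": "Allow", "Principal": "*", "Action": "sns:Publish",
     "Resource": "*", "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
    {"Sid": "OwnerOnly", "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sns:Subscribe",
     "Resource": "*", "Condition": {"StringEquals": {"AWS:SourceOwner": "111122223333"}}},
    {"Sid": "OrgIfExists", "Effect": "Allow", "Principal": "*", "Action": "sns:Publish",
     "Resource": "*", "Condition": {"StringEqualsIfExists": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
    {"Sid": "Open", "Effect": "Allow", "Principal": "*", "Action": "sns:Publish", "Resource": "*"},
]}

if __name__ == "__main__":
    print(public_statements(SAMPLE_POLICY))
```

The `OrgIfExists` statement is reported because an `IfExists` operator passes when the request carries no organization ID at all.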