Lateral movement

Privileged Group – Group Management

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

An IAM Group is a collection of IAM Users. You can use groups to specify permissions for a collection of users. The group {AwsIamGroup} was found with permissive permissions that give any service or user holding them the ability to add a user to any group in the account. Any member of a group gains every privilege granted to that group. An attacker may use this ability to add themselves to a group that has been granted higher privileges than their original ones, which may ultimately lead to full account takeover.
Recommended Mitigation

Review the group's policy and consider removing any of the following actions: iam:AddUserToGroup
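The check below is an added example, not code from the page or from the tool that produced this finding. It parses an IAM policy document offline and reports every Allow statement that grants iam:AddUserToGroup, including grants hidden behind wildcards (iam:*, *, iam:Add*) or behind a NotAction statement that fails to exclude the action. The two policy documents and the group names are constructed for illustration; the Condition block, when present, is reported but not evaluated, since whether it actually limits the grant depends on the account.

```python
import fnmatch
import json

# Constructed policy showing the permissive setting this finding describes:
# the group may add any user to any group in the account (Resource "*").
PERMISSIVE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iam:GetGroup", "iam:ListGroups"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:AddUserToGroup", "Resource": "*"},
    ],
})

# Constructed corrected policy: the group-management write action is removed
# and only read-only group actions remain.
CORRECTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iam:GetGroup", "iam:ListGroups"], "Resource": "*"},
    ],
})

# Actions that let a principal change group membership (the page names this one).
RISKY_ACTIONS = ("iam:AddUserToGroup",)


def _as_list(value):
    """IAM allows a string or a list in Action/NotAction/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """IAM action patterns are case-insensitive and support the '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def find_group_management_grants(policy_json):
    """Return one finding per Allow statement that grants a RISKY_ACTION.

    Each finding records the statement index, the pattern that produced the
    match ("NotAction" when the grant comes from an exclusion list that does
    not cover the action), the Resource scope, and whether a Condition exists.
    """
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot grant the action
        finding = {
            "statement": idx,
            "matched_pattern": None,
            "resource": _as_list(stmt.get("Resource")),
            "has_condition": "Condition" in stmt,
        }
        if "NotAction" in stmt:
            # NotAction grants everything except the listed actions, so the risky
            # action is granted unless one of the exclusions covers it.
            excluded = _as_list(stmt["NotAction"])
            for risky in RISKY_ACTIONS:
                if not any(_action_matches(p, risky) for p in excluded):
                    finding["matched_pattern"] = "NotAction"
                    findings.append(finding)
                    break
            continue
        for pattern in _as_list(stmt.get("Action")):
            if any(_action_matches(pattern, risky) for risky in RISKY_ACTIONS):
                finding["matched_pattern"] = pattern
                findings.append(finding)
                break  # one finding per statement is enough for triage
    return findings


def describe(group_name, policy_json):
    """Human-readable summary for one group's policy; group_name is hypothetical."""
    hits = find_group_management_grants(policy_json)
    if not hits:
        return f"{group_name}: no group-management grant found"
    lines = [f"{group_name}: {len(hits)} statement(s) grant iam:AddUserToGroup"]
    for h in hits:
        scope = "any group" if "*" in h["resource"] else ", ".join(h["resource"])
        cond = " (Condition present, review it)" if h["has_condition"] else ""
        lines.append(f"  statement {h['statement']}: via {h['matched_pattern']} on {scope}{cond}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(describe("example-group-before", PERMISSIVE_POLICY))
    print(describe("example-group-after", CORRECTED_POLICY))
```

A statement whose Resource is a specific group ARN rather than "*" still grants membership changes, but only for that group; the summary prints the scope so the reviewer can decide whether the narrower grant is acceptable.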