AWS Temporary Elevated Access Management Improper Input Validation Vulnerability Allowing Spoofed Approvals

Vulnerability

A vulnerability exists in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center due to improper validation of request inputs. This flaw enables users to alter valid requests and fake approvals within the TEAM system. The issue arises from a poorly validated parameter in the GraphQL API, allowing users to self-approve access requests for roles they are already assigned, bypassing normal validation processes.

Impact

Exploitation of this vulnerability allows users to self-approve access requests, bypassing the intended approval process for roles they are already assigned through TEAM. However, this cannot be used to approve requests for roles not previously onboarded.
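The condition described above can be checked for in past access requests. The following is an added example, not code from TEAM or from this advisory: it audits exported request records for approvals that did not come from an eligible approver. The record layout and field names (`requester`, `approved_by`, `eligible_approvers`, `status`) are assumptions for illustration and are not TEAM's actual schema.

```python
"""Audit exported access-request records for approvals that did not come from
an eligible approver. Record layout is hypothetical, not TEAM's schema."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    request_id: str
    reason: str


def norm(identity):
    # Compare identities case-insensitively and ignore stray whitespace.
    return (identity or "").strip().lower()


def audit_requests(records):
    """Return a Finding for every approved record that fails an approval check."""
    findings = []
    for rec in records:
        if norm(rec.get("status")) != "approved":
            continue  # only approved requests can carry a spoofed approval
        requester = norm(rec.get("requester"))
        approver = norm(rec.get("approved_by"))
        eligible = {norm(a) for a in rec.get("eligible_approvers", [])}
        if not approver:
            findings.append(Finding(rec["id"], "approved with no approver recorded"))
        elif approver == requester:
            findings.append(Finding(rec["id"], "requester approved own request"))
        elif approver not in eligible:
            findings.append(Finding(rec["id"], "approver not in eligible approver list"))
    return findings


# Constructed sample records (hypothetical field names and identities).
SAMPLE = [
    {"id": "req-001", "requester": "alice@example.com", "approved_by": "bob@example.com",
     "eligible_approvers": ["bob@example.com"], "status": "approved"},
    {"id": "req-002", "requester": "carol@example.com", "approved_by": "Carol@Example.com ",
     "eligible_approvers": ["bob@example.com"], "status": "approved"},
    {"id": "req-003", "requester": "dave@example.com", "approved_by": "erin@example.com",
     "eligible_approvers": ["bob@example.com"], "status": "approved"},
    {"id": "req-004", "requester": "frank@example.com", "approved_by": "",
     "eligible_approvers": ["bob@example.com"], "status": "pending"},
]

if __name__ == "__main__":
    for f in audit_requests(SAMPLE):
        print(f"{f.request_id}: {f.reason}")
```

The self-approval check runs before the eligibility check, so a requester who also appears in the eligible approver list is still flagged.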

Remediation

Users are advised to upgrade TEAM to version 1.2.2, which addresses this vulnerability. Instructions for updating can be found in the TEAM documentation.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.