AWS - Secrets Manager Privesc
Secrets Manager
For more info about Secrets Manager check: AWS - Secrets Manager Enum
secretsmanager:GetSecretValue
An attacker with this permission can read the value stored inside a secret in AWS Secrets Manager.
Potential Impact: Access to highly sensitive data stored in the AWS Secrets Manager service.
secretsmanager:GetResourcePolicy, secretsmanager:PutResourcePolicy, (secretsmanager:ListSecrets)
With the previous permissions it's possible to grant other principals/accounts (even external ones) access to the secret by modifying its resource policy. Note that in order to read secrets encrypted with a KMS key, the principal also needs access to that KMS key (more info in the KMS Enum page).
policy.json:
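Added defensive check (not code from the original page): given a secret's resource policy, the document that GetResourcePolicy returns and PutResourcePolicy sets, flag every Allow statement whose principals lie outside your own account, including wildcard principals. The policy below is a constructed sample and the account ids are placeholders.

```python
import json

# Constructed sample resource policy (placeholder account ids): the first
# statement grants a role in the owning account, the second an external account.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111111111111:role/app"},
         "Action": "secretsmanager:GetSecretValue",
         "Resource": "*"},
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
         "Action": ["secretsmanager:GetSecretValue",
                    "secretsmanager:DescribeSecret"],
         "Resource": "*"},
    ],
})


def _as_list(value):
    # IAM policy elements may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def principal_accounts(principal):
    """Return the account ids (or '*') referenced by a Principal element."""
    if principal == "*":
        return {"*"}
    accounts = set()
    for arn in _as_list(principal.get("AWS", [])):
        if arn == "*":
            accounts.add("*")
            continue
        # arn:aws:iam::<account>:... -> account id is the fifth colon field;
        # a bare 12-digit account id has no colons and is used as-is.
        parts = arn.split(":")
        accounts.add(parts[4] if len(parts) > 4 else arn)
    return accounts


def external_grants(policy_json, own_account):
    """List (account, actions) for Allow statements granting principals outside own_account."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for account in principal_accounts(stmt.get("Principal", {})):
            if account != own_account:
                findings.append((account, sorted(_as_list(stmt.get("Action", [])))))
    return findings
```

In a real audit, iterate `list_secrets()` with the boto3 `secretsmanager` client and feed each secret's `get_resource_policy()["ResourcePolicy"]` (when present) into `external_grants` alongside your account id; any finding is a cross-account or public grant worth reviewing.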