AWS VDP: A potential risk in the experimental-programmatic-access-ccft which can be used for privilege escalation.
Description

The experimental-programmatic-access-ccft application created a function with an associated role that was assigned policies with overly broad "sts:AssumeRole" permissions for "*" resources. This could have allowed a malicious user to assume into any AWS Account in the AWS Organization, resulting in potential privilege…
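
A defender-side check for the policy pattern described above, as an added example (not code from the application or from AWS): it flags Allow statements that grant sts:AssumeRole on "*" and, going slightly beyond the advisory, on role ARNs whose account-id field is a wildcard. The sample policies, the account ID and the role name are constructed.

```python
import fnmatch
import json

# Constructed sample policies (not taken from the application's repository).
BROAD = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "*"}]}"""
SCOPED = """{"Version": "2012-10-17", "Statement": {
  "Effect": "Allow", "Action": ["sts:AssumeRole"],
  "Resource": "arn:aws:iam::111122223333:role/ExampleReadRole"}}"""


def _as_list(value):
    """IAM accepts a single value wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _unscoped(resource):
    """True for "*" or an ARN whose account-id field contains a wildcard."""
    if resource == "*":
        return True
    fields = resource.split(":")
    return len(fields) > 4 and "*" in fields[4]


def broad_assume_role_statements(policy_json):
    """Return Allow statements granting sts:AssumeRole on an unscoped resource."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive and may be wildcards ("sts:*", "*").
        grants = any(fnmatch.fnmatchcase("sts:assumerole", a.lower())
                     for a in _as_list(stmt.get("Action")))
        if grants and any(_unscoped(r) for r in _as_list(stmt.get("Resource"))):
            findings.append(stmt)
    return findings


if __name__ == "__main__":
    for name, doc in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, len(broad_assume_role_statements(doc)), "finding(s)")
```

The check reads only identity-policy JSON; it does not evaluate NotAction, NotResource, conditions or the target roles' trust policies.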
