The experimental-programmatic-access-ccft application created a function with an associated role that was assigned policies with overly broad "sts:AssumeRole" permissions for "*" resources. This could have allowed a malicious user to assume into any AWS Account in the AWS Organization, resulting in potential privilege…Read More
AWS VDP: A potential risk in the experimental-programmatic-access-ccft which can be used to privilege escalation.
