Skip to content

v1.1.5 Release

Latest
Latest
Compare
Choose a tag to compare
@ncc-erik-steringer ncc-erik-steringer released this 13 Jan 18:08
· 7 commits to master since this release
v1.1.5
d5136ff
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This is a minor update to PMapper. It should be compatible with graphs from v1.1.X, but we recommend creating new graphs to take advantage of additional checks and fixes.

Improvements

  • Added the new preset query, wrongadmin: This query identifies principals that have admin-level permissions, but do not have the AdministratorAccess or equivalent inline policy attached to themselves. This covers risks where users/roles are unintentionally granted combinations of permissions that would allow them to give themselves unlimited permissions in the account.
  • Policy Simulator Fixes: Fixed an issue where IAM Group Policies with Deny statements were not correctly handled (Thank you @RyanJarv !). Fixed an issue where AWSServiceRoleFor[...] principals were not handled correctly with SCPs.
  • Admin Check Fix: Cut out a corner-case in the admin-check function to avoid false positives.

Contributors

RyanJarv
Assets 2