Commit e25711c

committed
Fixed visualization bug
1 parent ee89965 commit e25711c

3 files changed

Lines changed: 6 additions & 6 deletions

data/paths/codedeploy/codedeploy-001.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -184,7 +184,7 @@ attackVisualization:
184184
color: '#ffeb99'
185185
description: The pre-attached instance profile role has elevated but non-admin permissions. The lifecycle hook script can leverage those credentials for data access, resource modification, or further escalation depending on what the role can do.
186186

187-
- id: no
187+
- id: no_access
188188
label: No additional access
189189
type: outcome
190190
color: '#cccccc'
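Review bot: the removed `- id: no` at line 187 is an unquoted scalar, which YAML 1.1 loaders resolve to boolean false rather than the string "no". That is presumably why the outcome node failed to render, but the commit message "Fixed visualization bug" does not record it. Suggest naming the cause in the message and enabling a lint rule for truthy scalars (for example yamllint's `truthy` rule) so that `no`, `yes`, `on` or `off` cannot come back as a node id.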
@@ -262,7 +262,7 @@ attackVisualization:
262262
description: If the pre-attached instance profile role has elevated but non-admin permissions, the lifecycle hook script can leverage those credentials for data access or further escalation paths.
263263

264264
- from: admin_role
265-
to: no
265+
to: no_access
266266
label: If instance profile role has minimal permissions
267267
branch: C
268268
condition: no_permissions
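Review bot: `to: no_access` at line 265 is correct only because it matches the `id: no_access` renamed at line 187, and nothing in this change enforces that pairing. Suggest a CI check that loads each file under data/paths and fails when an edge's `from` or `to` value is not a string or does not match a declared node id.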

data/paths/cognitoidentity/cognitoidentity-001.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -179,7 +179,7 @@ attackVisualization:
179179
color: '#ffeb99'
180180
description: The bound role has elevated but non-admin permissions. Any internet caller can obtain credentials scoped to those permissions. Useful for data access (S3, RDS, DynamoDB) or as a stepping stone for additional privilege escalation paths.
181181

182-
- id: no
182+
- id: no_access
183183
label: No additional access
184184
type: outcome
185185
color: '#cccccc'
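Review bot: the rename at line 182 is the same `id: no` to `id: no_access` fix applied in codedeploy-001.yaml, and the commit touches only three files. Worth confirming with a search across data/paths that no other path file still carries `id: no` or `to: no`, since each one would need the same change.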
@@ -269,7 +269,7 @@ attackVisualization:
269269
description: If the bound role has elevated but non-admin permissions, the vended credentials enable data access or lateral movement. Further escalation may be possible depending on what the role can do.
270270

271271
- from: admin_role
272-
to: no
272+
to: no_access
273273
label: If role has minimal permissions
274274
branch: C
275275
condition: no_permissions

data/paths/scheduler/scheduler-001.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -137,7 +137,7 @@ attackVisualization:
137137
color: '#ffeb99'
138138
description: The passed role has elevated but non-admin permissions. The schedule can invoke AWS SDK actions within those permissions. The attacker may be able to access data, modify resources, or find further escalation paths depending on what the role can do.
139139

140-
- id: no
140+
- id: no_access
141141
label: No additional access
142142
type: outcome
143143
color: '#cccccc'
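Review bot: the new `- id: no_access` at line 140 is left unquoted while `color: '#cccccc'` three lines below is quoted. Quoting node ids and the matching `to:` values as strings would make the intended type explicit and would protect the next id that happens to collide with a YAML reserved word.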
@@ -187,7 +187,7 @@ attackVisualization:
187187
description: If the passed role has elevated but non-admin permissions, the schedule can invoke AWS SDK actions within those permissions. The attacker can target different SDK APIs via the universal target to leverage whatever the role can do.
188188

189189
- from: admin_role
190-
to: no
190+
to: no_access
191191
label: If role has minimal permissions
192192
branch: C
193193
condition: no_permissions
