feat(categories): add privilege-escalation and ec2-imdsv1 (#9537)

2025-12-19 05:17:47 +00:00 · 2025-12-12 15:14:26 +01:00
parent 0c2c5ea265
commit 6158c16108
6 changed files with 19 additions and 4 deletions
--- a/docs/developer-guide/check-metadata-guidelines.mdx
+++ b/docs/developer-guide/check-metadata-guidelines.mdx
@@ -213,3 +213,5 @@ Also is important to keep all code examples as short as possible, including the
 | software-supply-chain   | Detects or prevents tampering, unauthorized packages, or third-party risks in software supply chain                                                                                               |
 | e3                      | M365-specific controls enabled by or dependent on an E3 license (e.g., baseline security policies, conditional access)                                                                            |
 | e5                      | M365-specific controls enabled by or dependent on an E5 license (e.g., advanced threat protection, audit, DLP, and eDiscovery)                                                                    |
+| privilege-escalation    | Detects IAM policies or permissions that allow identities to elevate their privileges beyond their intended scope, potentially gaining administrator or higher-level access through specific action combinations |
+| ec2-imdsv1              | Identifies EC2 instances using Instance Metadata Service version 1 (IMDSv1), which is vulnerable to SSRF attacks and should be replaced with IMDSv2 for enhanced security                        |
--- a/prowler/CHANGELOG.md
+++ b/prowler/CHANGELOG.md
@@ -2,6 +2,12 @@

 All notable changes to the **Prowler SDK** are documented in this file.

+## [5.16.0] (Prowler UNRELEASED)
+
+### Added
+
+- `privilege-escalation` and `ec2-imdsv1` categories for AWS checks [(#9536)](https://github.com/prowler-cloud/prowler/pull/9536)
+
 ## [5.15.1] (Prowler UNRELEASED)

 ### Fixed
--- a/prowler/providers/aws/services/ec2/ec2_instance_account_imdsv2_enabled/ec2_instance_account_imdsv2_enabled.metadata.json
+++ b/prowler/providers/aws/services/ec2/ec2_instance_account_imdsv2_enabled/ec2_instance_account_imdsv2_enabled.metadata.json
@@ -26,7 +26,8 @@
    }
  },
  "Categories": [
-    "internet-exposed"
+    "internet-exposed",
+    "ec2-imdsv1"
  ],
  "DependsOn": [],
  "RelatedTo": [],
--- a/prowler/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled.metadata.json
+++ b/prowler/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled.metadata.json
@@ -25,7 +25,9 @@
      "Url": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html#configuring-instance-metadata-options"
    }
  },
-  "Categories": [],
+  "Categories": [
+    "ec2-imdsv1"
+  ],
  "DependsOn": [],
  "RelatedTo": [],
  "Notes": ""
--- a/prowler/providers/aws/services/iam/iam_inline_policy_allows_privilege_escalation/iam_inline_policy_allows_privilege_escalation.metadata.json
+++ b/prowler/providers/aws/services/iam/iam_inline_policy_allows_privilege_escalation/iam_inline_policy_allows_privilege_escalation.metadata.json
@@ -26,7 +26,9 @@
      "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege"
    }
  },
-  "Categories": [],
+  "Categories": [
+    "privilege-escalation"
+  ],
  "DependsOn": [],
  "RelatedTo": [],
  "Notes": ""
--- a/prowler/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation.metadata.json
+++ b/prowler/providers/aws/services/iam/iam_policy_allows_privilege_escalation/iam_policy_allows_privilege_escalation.metadata.json
@@ -27,7 +27,9 @@
      "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege"
    }
  },
-  "Categories": [],
+  "Categories": [
+    "privilege-escalation"
+  ],
  "DependsOn": [],
  "RelatedTo": [],
  "Notes": "CAF Security Epic: IAM"