Lambda CORS Configuration Allows All Origins
Overview
The Lambda function's CORS configuration includes a wildcard ("*") in the AllowOrigins setting, which allows all origins. This violates the principle of least privilege.
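One way to check for this condition, as an added example that is not part of the original rule or of any scanner's own code. It assumes input dictionaries shaped like the responses of Lambda's GetFunctionUrlConfig / ListFunctionUrlConfigs operations; the function names, finding fields and sample ARNs are hypothetical and constructed for illustration.

```python
# Added example: flag Lambda function URL CORS settings that allow every origin.
# Input dicts follow the shape returned by GetFunctionUrlConfig /
# ListFunctionUrlConfigs (FunctionArn, AuthType, Cors.AllowOrigins, ...).

SEVERITY = 2  # severity this page assigns to the finding


def wildcard_origins(cors):
    """Return the AllowOrigins entries that are the bare wildcard."""
    origins = (cors or {}).get("AllowOrigins") or []
    return [o for o in origins if o.strip() == "*"]


def audit(url_configs):
    """Return one finding per function URL whose CORS allows all origins."""
    findings = []
    for cfg in url_configs:
        cors = cfg.get("Cors")
        if not wildcard_origins(cors):
            continue  # no CORS block, or only explicit origins listed
        findings.append({
            "resource": cfg["FunctionArn"],
            "severity": SEVERITY,
            "auth_type": cfg.get("AuthType"),
            "allow_credentials": bool(cors.get("AllowCredentials")),
            "allow_origins": list(cors["AllowOrigins"]),
        })
    return findings


# Constructed sample data (hypothetical account and function names).
SAMPLE = [
    {"FunctionArn": "arn:aws:lambda:us-east-1:111111111111:function:open-api",
     "AuthType": "NONE",
     "Cors": {"AllowOrigins": ["*"], "AllowMethods": ["GET", "POST"]}},
    {"FunctionArn": "arn:aws:lambda:us-east-1:111111111111:function:web-backend",
     "AuthType": "AWS_IAM",
     "Cors": {"AllowOrigins": ["https://www.example.com"], "AllowCredentials": True}},
    {"FunctionArn": "arn:aws:lambda:us-east-1:111111111111:function:mixed",
     "AuthType": "NONE",
     "Cors": {"AllowOrigins": ["https://www.example.com", "*"]}},
    {"FunctionArn": "arn:aws:lambda:us-east-1:111111111111:function:no-cors",
     "AuthType": "AWS_IAM"},
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["severity"], f["resource"], f["allow_origins"], f["auth_type"])
```

The remediation is to replace the wildcard with the explicit list of origins that need to call the function.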
Vendor
AWS
Cloud Service
Lambda
References
https://docs.aws.amazon.com/lambda/latest/dg/API_Cors.html
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
Severity
2
Item Types
AWS::Lambda::Function