fix(aws-glue-privesc.md): add condition on glue pass-role attack

HackTricks-wiki · Apr 19, 2024 · 43b52d6 · 43b52d6
1 parent 51132cc
commit 43b52d6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pentesting-cloud/aws-security/aws-privilege-escalation/aws-glue-privesc.md b/pentesting-cloud/aws-security/aws-privilege-escalation/aws-glue-privesc.md
@@ -18,7 +18,7 @@ Other ways to support HackTricks:
 
 ### `iam:PassRole`, `glue:CreateDevEndpoint`, (`glue:GetDevEndpoint` | `glue:GetDevEndpoints`)
 
-Users with these permissions can **set up a new AWS Glue development endpoin**t, **assigning an existing service role** with specific permissions to this endpoint.
+Users with these permissions can **set up a new AWS Glue development endpoint**, **assigning an existing service role assumable by Glue** with specific permissions to this endpoint.
 
 After the setup, the **attacker can SSH into the endpoint's instance**, and steal the IAM credentials of the assigned role: