When an IAM user is allowed to create policy versions, they can potentially execute a privilege escalation attack by creating a new version of a policy that grants them additional permissions, and then attaching that version to a role or user. This can result in unauthorized access to sensitive resources and data. To prevent this type of attack, it is important to ensure that IAM users only have the minimum permissions necessary to perform their assigned tasks, and that policies are regularly reviewed and updated to remove any unnecessary permissions.
The IAM user can execute a privilege escalation by using the iam:CreatePolicyVersion permission. The user can create a new version of an existing policy with escalated privileges that allow access to sensitive data or resources that the user is not authorized to access. To remediate this issue, you can follow the steps below:
Regular auditing of IAM policies and monitoring of IAM users' activities can help prevent privilege escalations and unauthorized access to resources. It is also recommended to follow the least privilege principle and grant only necessary permissions to IAM users.
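As an added example of the policy auditing recommended above (not code from the original page), the following Python checks whether a parsed IAM policy document effectively grants iam:CreatePolicyVersion, honouring wildcard actions and explicit Deny statements. The policy documents are constructed samples; Resource and Condition blocks are assumed irrelevant to the check and are deliberately not evaluated.

```python
import fnmatch

# Constructed sample IAM policy documents (not from the original page).
OVERLY_PERMISSIVE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "iam:CreatePolicy*"], "Resource": "*"}
    ],
}
LEAST_PRIVILEGE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
        # An explicit Deny on the risky action wins over the broad Allow.
        {"Effect": "Deny", "Action": "iam:CreatePolicyVersion", "Resource": "*"},
    ],
}


def _as_list(value):
    """IAM lets Statement/Action be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def statements_matching(policy, action):
    """Return (allow_indexes, deny_indexes) of statements whose Action matches `action`.

    IAM action names match case-insensitively and support '*' and '?' wildcards,
    which fnmatchcase reproduces on lower-cased strings. Statements using
    NotAction are not evaluated here (assumption: audit them separately).
    """
    allowed, denied = [], []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        patterns = [p.lower() for p in _as_list(stmt.get("Action"))]
        if any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
            (allowed if stmt.get("Effect") == "Allow" else denied).append(idx)
    return allowed, denied


def grants_create_policy_version(policy):
    """True if the document permits iam:CreatePolicyVersion (explicit Deny overrides Allow)."""
    allowed, denied = statements_matching(policy, "iam:CreatePolicyVersion")
    return bool(allowed) and not denied


def risky_policy_names(policies):
    """Given {name: policy_document}, list the names that should be reviewed."""
    return sorted(name for name, doc in policies.items() if grants_create_policy_version(doc))
```

Feed it the output of iam:GetPolicyVersion for each customer-managed policy (and the inline policies of each user) to find the documents that need review.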