The bug allows attackers to abuse AWS’ AppSync service and assume IAM roles in other AWS accounts. This gives an attacker the opportunity “to pivot into a victim organization and access resources in those accounts,” according to Datadog.
Support the originator by clicking the read the rest link below.