From abaa923dcb691fd8c084671ce47496000af0e3de Mon Sep 17 00:00:00 2001
From: Sergio Garcia <hello@mistercloudsec.com>
Date: Tue, 10 Dec 2024 03:55:41 -0400
Subject: [PATCH] fix(aws): set same severity for EC2 IMDSv2 checks (#6046)

(cherry picked from commit 38a0d2d740e886f905a047791b22274fe741d60d)
---
 .../ec2_instance_account_imdsv2_enabled.metadata.json           | 2 +-
 .../ec2_instance_imdsv2_enabled.metadata.json                   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/prowler/providers/aws/services/ec2/ec2_instance_account_imdsv2_enabled/ec2_instance_account_imdsv2_enabled.metadata.json b/prowler/providers/aws/services/ec2/ec2_instance_account_imdsv2_enabled/ec2_instance_account_imdsv2_enabled.metadata.json
index f5ff575139c..f329b9df8b6 100644
--- a/prowler/providers/aws/services/ec2/ec2_instance_account_imdsv2_enabled/ec2_instance_account_imdsv2_enabled.metadata.json
+++ b/prowler/providers/aws/services/ec2/ec2_instance_account_imdsv2_enabled/ec2_instance_account_imdsv2_enabled.metadata.json
@@ -8,7 +8,7 @@
   "ServiceName": "ec2",
   "SubServiceName": "",
   "ResourceIdTemplate": "arn:partition:service:region:account-id",
-  "Severity": "medium",
+  "Severity": "high",
   "ResourceType": "AwsEc2Instance",
   "Description": "Ensure Instance Metadata Service Version 2 (IMDSv2) is enforced for EC2 instances at the account level to protect against SSRF vulnerabilities.",
   "Risk": "EC2 instances that use IMDSv1 are vulnerable to SSRF attacks.",
diff --git a/prowler/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled.metadata.json b/prowler/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled.metadata.json
index a83a12a9d7c..3f613e64213 100644
--- a/prowler/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled.metadata.json
+++ b/prowler/providers/aws/services/ec2/ec2_instance_imdsv2_enabled/ec2_instance_imdsv2_enabled.metadata.json
@@ -8,7 +8,7 @@
   "ServiceName": "ec2",
   "SubServiceName": "",
   "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
-  "Severity": "medium",
+  "Severity": "high",
   "ResourceType": "AwsEc2Instance",
   "Description": "Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required.",
   "Risk": "Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.",