Property
Language: json
Severity: medium
CWE: CWE-264: CWE CATEGORY: Permissions, Privileges, and Access Controls
OWASP: A01:2021 - Broken Access Control
Confidence Level: Medium
Impact Level: High
Likelihood Level: Low

Description

The S3 bucket is configured to allow public access, meaning anyone on the internet could potentially view or modify its contents. This often happens when public access settings are not properly restricted in the bucket policy or access control settings.

Impact

If exploited, attackers could read, delete, or upload files to the bucket, leading to data leaks, loss of sensitive information, or exposure to malicious uploads. This can result in compliance violations, data breaches, or disruption of business operations.