# Exposure of Sensitive Information to an Unauthorized Actor

| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
## Description

The S3 bucket's ACL grants public-read or authenticated-read access. With public-read, anyone on the internet can list and download objects; with authenticated-read, any user holding an AWS account, not only accounts belonging to your organization, can do the same. Either setting exposes every object in the bucket to users who should not have access to it.
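The following is an added detection example, not code from the original page: it inspects a bucket ACL in the dict shape that boto3's `get_bucket_acl()` returns and flags grants to the `AllUsers` (public) or `AuthenticatedUsers` (any AWS account) group. The sample ACLs are constructed; no AWS credentials are needed to run it.

```python
# Canonical AWS group URIs that appear as grantees in bucket ACLs.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Permissions that let a group grantee read objects or the ACL itself.
EXPOSING_PERMISSIONS = {"READ", "READ_ACP", "FULL_CONTROL"}


def find_exposing_grants(acl: dict) -> list:
    """Return grants that give AllUsers or AuthenticatedUsers read access.

    `acl` mirrors boto3's s3.get_bucket_acl() result:
    {"Owner": {...}, "Grants": [{"Grantee": {...}, "Permission": "READ"}]}
    """
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # grants to a specific canonical user are not public exposure
        uri = grantee.get("URI")
        perm = grant.get("Permission")
        if uri in (ALL_USERS, AUTHENTICATED_USERS) and perm in EXPOSING_PERMISSIONS:
            scope = "public" if uri == ALL_USERS else "any AWS account"
            findings.append({"scope": scope, "permission": perm})
    return findings


def is_exposed(acl: dict) -> bool:
    """True when the ACL makes bucket contents readable beyond the owner's grants."""
    return bool(find_exposing_grants(acl))


# Constructed sample ACLs (the owner ID is a placeholder, not a real canonical ID).
OWNER = {"Type": "CanonicalUser", "ID": "owner-canonical-id-placeholder"}
SAMPLE_PUBLIC_READ_ACL = {
    "Owner": {"ID": OWNER["ID"]},
    "Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ],
}
SAMPLE_PRIVATE_ACL = {
    "Owner": {"ID": OWNER["ID"]},
    "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}],
}

if __name__ == "__main__":
    print(find_exposing_grants(SAMPLE_PUBLIC_READ_ACL))  # [{'scope': 'public', 'permission': 'READ'}]
    print(is_exposed(SAMPLE_PRIVATE_ACL))  # False
```

A bucket that trips this check is remediated by removing the group grants (for example by resetting the ACL to `private`) and enabling S3 Block Public Access on the bucket or account so such grants cannot be reintroduced.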
## Impact

If exploited, unauthorized users could view or download sensitive files stored in the bucket, leading to data leaks, privacy breaches, or regulatory violations. Attackers might use the exposed data for phishing, fraud, or further attacks against your organization.