Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The storage bucket is missing ‘uniform_bucket_level_access’, which means access permissions can be set at both the bucket and individual object levels. This can lead to inconsistent access controls and unintentional data exposure.
Impact#
Without uniform bucket-level access, users may bypass centralized permission management, increasing the risk of unauthorized access or data leaks. Attackers or misconfigured users might gain access to sensitive files that should not be publicly available, potentially leading to data breaches or compliance violations.