Missing Encryption of Sensitive Data
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-311: Missing Encryption of Sensitive Data |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The artifacts produced by this AWS CodeBuild project are not encrypted, meaning files generated during builds could be stored in plain text. This exposes sensitive build outputs to anyone with access to the storage location.
Impact
If unencrypted artifacts are accessed by unauthorized users—such as through a misconfigured bucket or compromised AWS credentials—they could view or steal sensitive source code, configuration files, or secrets. This can lead to data leaks, intellectual property theft, or further compromise of your cloud environment.
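
One way to check for the condition described above, as an added example that is not part of the original rule or the scanner's own code. It assumes the input is the JSON returned by `aws codebuild batch-get-projects`; the project names and bucket names in the sample are constructed.

```python
import json

# Constructed sample in the shape returned by `aws codebuild batch-get-projects`.
SAMPLE = json.loads("""
{"projects": [
  {"name": "web-build",
   "artifacts": {"type": "S3", "location": "example-artifacts",
                 "encryptionDisabled": true}},
  {"name": "api-build",
   "artifacts": {"type": "S3", "location": "example-artifacts",
                 "encryptionDisabled": false},
   "secondaryArtifacts": [
     {"type": "S3", "artifactIdentifier": "reports",
      "location": "example-reports", "encryptionDisabled": true}]},
  {"name": "lint-only", "artifacts": {"type": "NO_ARTIFACTS"}}
]}
""")


def unencrypted_artifacts(response):
    """Return (project, artifact_id, location) for each S3 artifact
    whose encryption has been explicitly disabled."""
    findings = []
    for project in response.get("projects", []):
        # Check the primary artifact block and every secondary one:
        # a project can encrypt its main output but not a side output.
        blocks = [("primary", project.get("artifacts") or {})]
        for sec in project.get("secondaryArtifacts") or []:
            blocks.append((sec.get("artifactIdentifier", "secondary"), sec))
        for artifact_id, art in blocks:
            # encryptionDisabled is only valid for S3 artifacts, so
            # NO_ARTIFACTS and CODEPIPELINE blocks are skipped here.
            if art.get("type") == "S3" and art.get("encryptionDisabled") is True:
                findings.append(
                    (project.get("name"), artifact_id, art.get("location"))
                )
    return findings


if __name__ == "__main__":
    for name, artifact_id, location in unencrypted_artifacts(SAMPLE):
        print(f"{name}: artifact '{artifact_id}' in s3://{location} "
              "is stored unencrypted")
```

Remediation is to leave `encryptionDisabled` unset or `false` on every S3 artifact block, including secondary artifacts.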