Missing Authentication for Critical Function
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-306: Missing Authentication for Critical Function |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The CodeBuild project is configured to have a public URL, making its build results, logs, and artifacts accessible to anyone without authentication. This exposes sensitive project information to the public, including past builds.
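
One way to detect this setting across an account, as an added example that is not part of the original rule: the function below scans a response shaped like the output of `aws codebuild batch-get-projects` and reports projects whose `projectVisibility` is `PUBLIC_READ`. The sample data, account ID, alias and function name are constructed for illustration, and a project with no `projectVisibility` field is assumed to be private.

```python
import json

# Constructed sample, shaped like `aws codebuild batch-get-projects` output.
SAMPLE_RESPONSE = json.loads("""
{
  "projects": [
    {"name": "web-build",
     "arn": "arn:aws:codebuild:us-east-1:111122223333:project/web-build",
     "projectVisibility": "PUBLIC_READ",
     "publicProjectAlias": "CONSTRUCTED-ALIAS"},
    {"name": "api-build",
     "arn": "arn:aws:codebuild:us-east-1:111122223333:project/api-build",
     "projectVisibility": "PRIVATE"},
    {"name": "legacy-build",
     "arn": "arn:aws:codebuild:us-east-1:111122223333:project/legacy-build"}
  ]
}
""")


def find_public_projects(response):
    """Return one finding per project whose builds are publicly readable."""
    findings = []
    for project in response.get("projects", []):
        # Assumption: an absent field means the project is not public.
        visibility = project.get("projectVisibility", "PRIVATE")
        if visibility != "PUBLIC_READ":
            continue
        arn = project.get("arn", "<project-arn>")
        findings.append({
            "name": project.get("name"),
            "arn": arn,
            "alias": project.get("publicProjectAlias"),
            # Remediation: switch the project back to private visibility.
            "fix": ("aws codebuild update-project-visibility "
                    f"--project-arn {arn} --project-visibility PRIVATE"),
        })
    return findings


if __name__ == "__main__":
    for finding in find_public_projects(SAMPLE_RESPONSE):
        print(f"PUBLIC: {finding['name']} ({finding['arn']})")
        print(f"  fix: {finding['fix']}")
```

Setting a project back to private stops further public access, but logs and artifacts that were reachable while it was public should be reviewed for secrets that need rotating.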
Impact
If exploited, unauthorized users can view or download build logs and artifacts, potentially exposing source code, credentials, or other confidential data. This can lead to data leaks, intellectual property theft, or further attacks against your application or infrastructure.