Missing Authentication for Critical Function
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-306: Missing Authentication for Critical Function |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | High |
Description
Granting public access to an S3 bucket with the AWS CDK `Bucket.grantPublicAccess()` method attaches a bucket policy whose principal is the anonymous wildcard (`*`). By default the grant is `s3:GetObject` on every key in the bucket; the optional key-prefix argument narrows it and any extra action names widen it. Any HTTP client that can reach the bucket endpoint can then read those objects with no IAM identity, request signature, or presigned URL involved, so the bucket performs no authentication at all on that read path. Because S3 Block Public Access rejects such a policy (and the CDK itself refuses the call when `blockPublicPolicy` is enabled), code using this method usually also has to relax the bucket's `blockPublicAccess` setting, which removes the guardrail for every later policy change as well. Prefer a scoped grant (a CloudFront distribution with origin access control, a VPC endpoint condition, presigned URLs) and keep intentionally public static assets in a dedicated bucket that holds nothing else.
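A check a reviewer can run over the synthesized CloudFormation template, as an added example that is not part of the original page or of the AWS CDK: it scans an `AWS::S3::BucketPolicy` statement list for `Allow` statements whose principal is the anonymous wildcard and that carry no condition pinning the caller to a known source. The two policy documents are constructed by hand to resemble CDK output; the bucket name, ARNs, VPC endpoint ID and the helper names are assumptions.

```typescript
// Added example (not code from the original page or from AWS CDK): scan the
// Statement list of a synthesized AWS::S3::BucketPolicy for grants to the
// anonymous principal, which is what Bucket.grantPublicAccess() produces.
// The policy documents below are constructed to resemble CDK output; the
// bucket name, ARNs and VPC endpoint ID are placeholders.

type StringOrList = string | string[];

interface PolicyStatement {
  Effect: "Allow" | "Deny";
  Principal?: "*" | { AWS?: StringOrList; Service?: StringOrList };
  Action: StringOrList;
  Resource: StringOrList;
  Condition?: { [operator: string]: { [key: string]: StringOrList } };
}

interface PolicyDocument {
  Version: string;
  Statement: PolicyStatement[];
}

interface PublicGrant {
  index: number;
  actions: string[];
  resources: string[];
}

function asList(v: StringOrList | undefined): string[] {
  if (v === undefined) return [];
  return Array.isArray(v) ? v : [v];
}

// "*" and {"AWS": "*"} both mean "any caller, signed or anonymous".
function isAnonymousPrincipal(p: PolicyStatement["Principal"]): boolean {
  if (p === undefined) return false;
  if (p === "*") return true;
  return asList(p.AWS).indexOf("*") !== -1;
}

// A wildcard principal is acceptable only when a condition pins the request
// to a known source (CloudFront distribution, VPC endpoint, AWS organization).
const SCOPING_KEYS = ["aws:SourceArn", "aws:SourceVpce", "aws:SourceVpc", "aws:PrincipalOrgID"];

function hasScopingCondition(s: PolicyStatement): boolean {
  const cond = s.Condition || {};
  for (const op of Object.keys(cond)) {
    for (const key of Object.keys(cond[op])) {
      if (SCOPING_KEYS.indexOf(key) !== -1) return true;
    }
  }
  return false;
}

// Each finding names the actions and resources granted to the whole internet.
function findPublicGrants(doc: PolicyDocument): PublicGrant[] {
  const findings: PublicGrant[] = [];
  doc.Statement.forEach((s, index) => {
    if (s.Effect !== "Allow") return;
    if (!isAnonymousPrincipal(s.Principal)) return;
    if (hasScopingCondition(s)) return;
    findings.push({ index, actions: asList(s.Action), resources: asList(s.Resource) });
  });
  return findings;
}

// Constructed sample 1: what `bucket.grantPublicAccess()` with no arguments
// amounts to (anonymous s3:GetObject on every key).
const PUBLIC_READ_POLICY: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    {
      Effect: "Allow",
      Principal: { AWS: "*" },
      Action: "s3:GetObject",
      Resource: "arn:aws:s3:::example-bucket/*",
    },
  ],
};

// Constructed sample 2: the same wildcard principal, but only for requests
// arriving through one VPC endpoint; not flagged.
const VPC_SCOPED_POLICY: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [
    {
      Effect: "Allow",
      Principal: "*",
      Action: ["s3:GetObject"],
      Resource: "arn:aws:s3:::example-bucket/*",
      Condition: { StringEquals: { "aws:SourceVpce": "vpce-0123456789abcdef0" } },
    },
  ],
};

console.log(findPublicGrants(PUBLIC_READ_POLICY)); // one finding: s3:GetObject on example-bucket/*
console.log(findPublicGrants(VPC_SCOPED_POLICY)); // []
```

Run it against the `PolicyDocument` of every `AWS::S3::BucketPolicy` in `cdk synth` output; a grant that survives the condition check is the pattern this rule describes, and a grant with a narrower key prefix is still a finding, just with a smaller resource.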
Impact
Anyone on the internet can download every object under the granted prefix without credentials, and can enumerate object keys if `s3:ListBucket` was included in the grant; even without listing, keys are often predictable or leak through logs, HTML and source repositories. Publicly readable buckets are routinely located by automated scanners, so exposure should be assumed rather than expected to go unnoticed. The consequences are disclosure of sensitive files (data leaks), regulatory violations where personal or otherwise regulated data is involved, loss of intellectual property, and reputational damage to your organization. If the grant also included write actions such as `s3:PutObject`, an attacker can plant or overwrite content, for example to serve malicious files from a domain your users trust.