Force destroy is enabled on Spaces bucket which is dangerous
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | spaces |
| Provider | DigitalOcean |
| Vulnerability Type | misconfiguration |
Description
Configuring a DigitalOcean Spaces bucket with ‘force_destroy’ enabled allows the bucket to be deleted without checking if it contains any objects, bypassing safeguards against accidental data loss.
Impact
If exploited, all objects within the bucket could be permanently deleted—intentionally or by mistake—leading to loss of important data and potential disruption of services that depend on these stored assets.
Resolution
Do not enable force destroy in the bucket configuration.
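
The setting described above, shown as the weak configuration beside a corrected one. This is an added example, not taken from the original page. It assumes the bucket is managed with the Terraform `digitalocean_spaces_bucket` resource; the resource labels, bucket names and region are constructed, and the `prevent_destroy` lifecycle guard is an optional extra that goes beyond the page's resolution.

```hcl
# Insecure: with force_destroy = true, destroying this resource first deletes
# every object in the bucket so that the bucket itself can be removed.
resource "digitalocean_spaces_bucket" "bad_example" {
  name          = "example-assets"       # constructed name
  region        = "nyc3"                 # constructed region
  acl           = "private"
  force_destroy = true
}

# Corrected: force_destroy is omitted and keeps its default of false, so the
# provider refuses to destroy the bucket while it still contains objects.
resource "digitalocean_spaces_bucket" "good_example" {
  name   = "example-assets-protected"    # constructed name
  region = "nyc3"                        # constructed region
  acl    = "private"

  # Optional extra guard (assumption, not from the page): Terraform rejects
  # any plan that would destroy this resource.
  lifecycle {
    prevent_destroy = true
  }
}
```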