Property
Language: terraform
Severity: high
Service: s3
Provider: AWS
Vulnerability Type: misconfiguration

Description

The S3 bucket is configured with an ACL that allows public access, making its contents accessible to anyone on the internet. This misconfiguration exposes sensitive data by not restricting access to authorized users only.

Impact

If exploited, unauthorized users could list, download, or even modify the contents of the bucket, leading to data leakage, loss of intellectual property, or exposure of confidential information. This can result in regulatory violations, reputational damage, and financial loss.

Resolution

Don’t use canned ACLs, or switch to the private ACL.
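
The misconfiguration and both resolutions written out in Terraform, as an added example that is not part of the original rule documentation. Bucket and resource names are constructed placeholders, and using `aws_s3_bucket_ownership_controls` to implement "don't use ACLs" is an assumption of this example, not something the rule text prescribes.

```hcl
# Constructed example: all bucket and resource names are placeholders.

# Noncompliant: a public canned ACL makes the bucket readable by anyone.
resource "aws_s3_bucket" "public_example" {
  bucket = "example-public-bucket"
}

resource "aws_s3_bucket_acl" "public_example" {
  bucket = aws_s3_bucket.public_example.id
  acl    = "public-read" # "public-read-write" also permits anonymous writes
}

# Older configurations set the same value inline on the bucket resource:
#   resource "aws_s3_bucket" "legacy" { acl = "public-read" }

# Compliant, option 1: switch the canned ACL to private.
resource "aws_s3_bucket" "private_example" {
  bucket = "example-private-bucket"
}

resource "aws_s3_bucket_acl" "private_example" {
  bucket = aws_s3_bucket.private_example.id
  acl    = "private"
}

# Compliant, option 2 (assumption of this example): use no ACL at all.
# BucketOwnerEnforced disables ACLs on the bucket, so access is governed
# by IAM and bucket policies only. Do not attach an aws_s3_bucket_acl
# resource to a bucket configured this way.
resource "aws_s3_bucket" "no_acl_example" {
  bucket = "example-no-acl-bucket"
}

resource "aws_s3_bucket_ownership_controls" "no_acl_example" {
  bucket = aws_s3_bucket.no_acl_example.id

  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}
```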