Language: terraform
Severity: high
Service: s3
Provider: AWS
Vulnerability Type: omission

Description

The S3 bucket configuration does not enforce blocking of public bucket policies, allowing users to attach policies that could make the bucket publicly accessible. This misconfiguration leaves the bucket open to unintended public access through policy changes.

Impact

If exploited, an attacker or unauthorized user could add or modify bucket policies to expose sensitive data to the public internet. This could result in data leakage, compliance violations, and potential financial or reputational damage to the organization.

Resolution

Prevent bucket policies that allow public access from being PUT on the bucket.
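
The omission and its fix in Terraform, as an added example that is not part of the original rule page. The resource labels and the bucket name are placeholders chosen for illustration.

```hcl
# Constructed example: resource labels and bucket name are placeholders.

resource "aws_s3_bucket" "example" {
  bucket = "example-bucket-name-placeholder"
}

# Before (flagged): block_public_policy is omitted, so it takes its
# default of false and S3 accepts PUT Bucket policy calls whose policy
# grants public access.
#
# resource "aws_s3_bucket_public_access_block" "example" {
#   bucket            = aws_s3_bucket.example.id
#   block_public_acls = true
# }

# After (fixed): block_public_policy is set explicitly, so S3 rejects
# any PUT Bucket policy call whose policy would allow public access.
resource "aws_s3_bucket_public_access_block" "example" {
  bucket = aws_s3_bucket.example.id

  block_public_acls   = true
  block_public_policy = true

  # Note: block_public_policy only rejects new public policies. A public
  # policy already attached to the bucket stays in place; the separate
  # restrict_public_buckets argument limits access granted by one.
}
```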