Skip to main content

Not encrypting EFS mount can lead to data leak

SeverityExploitabilityProvidersCategories
HIGHHIGHAWSDATA

Description#

Amazon Elastic Container Service (Amazon ECS) is a container management service, in which tasks definition are used to run an individual task or task within a service.

EFS are volumes that can be mounted to a container. When in-transit encryption is not enabled for an EFS mount, the data in transit can be read by someone with access to the network.

Impact#

Potential data exposureVisible in logsUser interaction requiredPrivileges required
TrueFalseFalseTrue

Data leak.

Remediation guidelines#

Enable in-transit encryption for the EFS mount.

References#