CodeBuild build artifacts encryption should not be disabled
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | HIGH | AWS | DATA, PERMISSION |
Description
CodeBuild uses artifacts such as a cache, logs, exported raw test report data files, and build results. These should always be encrypted to protect the data if access is compromised.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | True |
An attacker could read the CodeBuild build artifacts if they gain access to the AWS account.
Remediation guidelines
Do not disable the CodeBuild build artifacts encryption.
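
One way to audit existing projects for this setting is the following added example, which is not part of the original rule page or the scanner that implements it. It assumes input in the JSON shape returned by `aws codebuild batch-get-projects`; the sample data, project names and the `unencrypted_outputs` helper are constructed for illustration.

```python
import json

# Constructed sample in the shape returned by `aws codebuild batch-get-projects`
# (project, bucket and artifact names are made up for this example).
SAMPLE = json.loads("""
{"projects": [
  {"name": "web-build",
   "artifacts": {"type": "S3", "location": "example-artifacts", "encryptionDisabled": true},
   "secondaryArtifacts": [
     {"type": "S3", "artifactIdentifier": "reports", "encryptionDisabled": false},
     {"type": "S3", "artifactIdentifier": "debug", "encryptionDisabled": true}],
   "logsConfig": {"s3Logs": {"status": "ENABLED", "encryptionDisabled": true}}},
  {"name": "api-build",
   "artifacts": {"type": "S3", "location": "example-artifacts"},
   "logsConfig": {"s3Logs": {"status": "DISABLED", "encryptionDisabled": true}}},
  {"name": "pipeline-build",
   "artifacts": {"type": "CODEPIPELINE"}}
]}
""")


def unencrypted_outputs(response):
    """Return sorted (project, location) pairs where S3 output encryption is disabled."""
    findings = []
    for project in response.get("projects", []):
        name = project.get("name", "<unnamed>")
        # Primary artifact: the flag only applies to artifacts of type S3.
        primary = project.get("artifacts", {})
        if primary.get("type") == "S3" and primary.get("encryptionDisabled") is True:
            findings.append((name, "artifacts"))
        for secondary in project.get("secondaryArtifacts", []):
            if secondary.get("type") == "S3" and secondary.get("encryptionDisabled") is True:
                ident = secondary.get("artifactIdentifier", "?")
                findings.append((name, f"secondaryArtifacts[{ident}]"))
        # S3 build logs carry their own flag; this check skips it when S3 logging is off.
        s3_logs = project.get("logsConfig", {}).get("s3Logs", {})
        if s3_logs.get("status") == "ENABLED" and s3_logs.get("encryptionDisabled") is True:
            findings.append((name, "logsConfig.s3Logs"))
    return sorted(findings)


if __name__ == "__main__":
    for project, location in unencrypted_outputs(SAMPLE):
        print(f"{project}: encryption disabled on {location}")
```

Each finding is remediated by removing the `encryptionDisabled` override or setting it to `false` on the reported location.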