CodeBuild build artifacts encryption should not be disabled
| Severity | Exploitability | Providers | Categories |
|---|---|---|---|
| HIGH | HIGH | AWS | DATA, PERMISSION |
Description
CodeBuild uses artifacts such as a cache, logs, exported raw test report data files, and build results. Those should always be encrypted to protect the data if accesses are compromised.
Impact
| Potential data exposure | Visible in logs | User interaction required | Privileges required |
|---|---|---|---|
| True | False | False | True |
An attacker could read the CodeBuild build artifacts if it gains access to the AWS account.
Remediation guidelines
Do not disable the CodeBuild build artifacts encryption.
References
Was this page helpful?
