Allowing public exposure of an S3 bucket can lead to data leakage
| Severity | Exploitability | Providers | Categories |
|---|---|---|---|
| HIGH | HIGH | AWS | DATA |
Description
AWS S3 Block Public Access is a feature that allows setting up centralized controls to manage public access to S3 resources.
Enforcing the BlockPublicAcls, BlockPublicPolicy and IgnorePublicAcls rules on a bucket ensures that no ACL (access control list) or bucket policy granting public access can be attached to the bucket, and that any existing ACL granting public access to the bucket is ignored.
Impact
| Potential data exposure | Visible in logs | User interaction required | Privileges required |
|---|---|---|---|
| True | True | False | False |
- Data leakage.
- Data tampering.
Remediation guidelines
Associate an S3 Block Public Access configuration with the bucket, with the following properties enabled:
- BlockPublicAcls
- BlockPublicPolicy
- IgnorePublicAcls
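The check and the remediation above, as an added example that is not part of this rule page or of any vendor tooling. The evaluator works on the `PublicAccessBlockConfiguration` dict shape that boto3's `s3.get_public_access_block()` returns, so it can be run offline against the constructed sample responses below; the two helpers at the bottom wrap the real boto3 calls (`get_public_access_block`, `put_public_access_block`) and defer the import so the module loads without boto3 installed. `RestrictPublicBuckets` is AWS's fourth Block Public Access setting; it is not listed in the remediation text above, so the example reports it but does not require it. Bucket names and responses are constructed.

```python
"""Evaluate and remediate S3 Block Public Access settings (added example)."""
from __future__ import annotations

# The three settings this finding requires. RestrictPublicBuckets is the
# fourth real Block Public Access setting (not required by the rule text);
# it is reported so an auditor sees the full picture.
REQUIRED_SETTINGS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls")
ALL_SETTINGS = REQUIRED_SETTINGS + ("RestrictPublicBuckets",)


def evaluate_public_access_block(config: dict | None) -> dict:
    """Return {"compliant": bool, "missing": [...], "settings": {...}}.

    `config` is the PublicAccessBlockConfiguration dict, or None when the
    bucket has no block configured at all (boto3 signals that case with a
    NoSuchPublicAccessBlockConfiguration error). A missing block means every
    required setting is effectively False, which is the worst case.
    """
    settings = {name: bool((config or {}).get(name, False)) for name in ALL_SETTINGS}
    missing = [name for name in REQUIRED_SETTINGS if not settings[name]]
    return {"compliant": not missing, "missing": missing, "settings": settings}


def remediation_config(existing: dict | None = None) -> dict:
    """Build the configuration to PUT: the three required settings are turned
    on, and any setting the bucket already had enabled is preserved rather
    than silently switched off."""
    cfg = {name: bool((existing or {}).get(name, False)) for name in ALL_SETTINGS}
    for name in REQUIRED_SETTINGS:
        cfg[name] = True
    return cfg


# Constructed sample responses mimicking get_public_access_block() output.
# None models a bucket that has never had a Block Public Access config.
SAMPLE_BUCKETS = {
    "logs-archive": {"BlockPublicAcls": True, "BlockPublicPolicy": True,
                     "IgnorePublicAcls": True, "RestrictPublicBuckets": True},
    "marketing-assets": {"BlockPublicAcls": True, "BlockPublicPolicy": False,
                         "IgnorePublicAcls": False, "RestrictPublicBuckets": False},
    "legacy-uploads": None,
}


def audit(buckets: dict) -> dict:
    """Evaluate every bucket; returns {bucket_name: evaluation}."""
    return {name: evaluate_public_access_block(cfg) for name, cfg in buckets.items()}


def fetch_public_access_block(s3, bucket: str) -> dict | None:
    """Live read using a boto3 S3 client (import deferred so offline use works)."""
    from botocore.exceptions import ClientError
    try:
        resp = s3.get_public_access_block(Bucket=bucket)
        return resp["PublicAccessBlockConfiguration"]
    except ClientError as exc:
        if exc.response["Error"]["Code"] == "NoSuchPublicAccessBlockConfiguration":
            return None
        raise


def remediate(s3, bucket: str, existing: dict | None) -> dict:
    """Apply the remediation from the guidelines via put_public_access_block."""
    cfg = remediation_config(existing)
    s3.put_public_access_block(Bucket=bucket, PublicAccessBlockConfiguration=cfg)
    return cfg


if __name__ == "__main__":
    for bucket, result in audit(SAMPLE_BUCKETS).items():
        status = "OK" if result["compliant"] else "FAIL, missing " + ", ".join(result["missing"])
        print(f"{bucket}: {status}")
```

Running the module prints one line per sample bucket; to audit a real account, pass `boto3.client("s3")` to `fetch_public_access_block` for each bucket returned by `list_buckets` and feed the result to `evaluate_public_access_block`, then call `remediate` only for buckets whose evaluation is not compliant.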