A CloudTrail bucket has a public-read Access Control List, which can lead to private data exposure
Severity | Exploitability | Providers | Categories |
---|---|---|---|
CRITICAL | HIGH | AWS | DATA |
Description
CloudTrail logs record every API call made by a user, role or AWS service in the account as an event, including the calling principal, source IP address, request parameters and the resources touched. The S3 bucket the trail delivers its logs to has the "public-read" canned ACL, which grants READ on the bucket to the AllUsers group. Anyone on the internet can therefore list the bucket's contents without authentication, and can download any log object whose own ACL or the bucket policy also grants public read. Even the object listing alone leaks the account ID, the regions in use and the date range of logging, since CloudTrail encodes them in the object keys; the log files themselves give an attacker a map of the account's identities, resources and activity patterns.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | True | False | False |
- Data Exposure
Remediation guidelines
Remove public access from the bucket storing the logs. Reset the bucket ACL to the "private" canned ACL (owner-only access), and enable all four S3 Block Public Access settings on the bucket so that a public ACL or bucket policy cannot be applied again. Where possible, set Object Ownership to "Bucket owner enforced", which disables ACLs on the bucket entirely and leaves the bucket policy as the only access mechanism. CloudTrail writes to the bucket through the bucket policy that grants cloudtrail.amazonaws.com s3:PutObject, not through the ACL, so log delivery continues after the ACL is tightened. Finally, check S3 server access logs or CloudTrail S3 data events for anonymous ListBucket and GetObject requests during the period the ACL was public.
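The check described above and the remediation it calls for, as an added example that is not part of the original rule page. It works on the dict shape returned by boto3's `s3.get_bucket_acl` and issues the calls a boto3 S3 client exposes (`put_bucket_acl`, `put_public_access_block`), so the client passed in can be `boto3.client("s3")` in a real account or the in-memory fake included here for an offline dry run. The sample ACL response, the owner ID and the bucket name are constructed, not taken from any real account.

```python
"""Detect a public-read ACL on an S3 bucket holding CloudTrail logs and fix it.

Added example, not the rule author's own code. The ACL dicts follow the shape of
boto3's GetBucketAcl response; the client object only needs the three methods
used below, so a real boto3 S3 client or the FakeS3 stand-in both work.
"""

# Predefined S3 groups whose presence in a grant makes a bucket public.
# AllUsers means anyone on the internet; AuthenticatedUsers means anyone holding
# any AWS account, which AWS and most scanners also treat as public.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def public_grants(acl):
    """Return [(group_uri, permission), ...] for every grant to a public group.

    acl is a GetBucketAcl response: {"Owner": {...}, "Grants": [...]}. Only
    Group grantees can be public; CanonicalUser grantees are specific accounts.
    """
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            found.append((grantee["URI"], grant["Permission"]))
    return found


def is_public(acl):
    """True if any ACL grant goes to AllUsers or AuthenticatedUsers."""
    return bool(public_grants(acl))


def remediate(s3, bucket):
    """Reset a public bucket ACL to the 'private' canned ACL and enable all four
    S3 Block Public Access settings so a public ACL or policy cannot be re-applied.
    CloudTrail delivers logs via the bucket policy, not the ACL, so delivery is
    unaffected. Returns the public grants that were found (empty if none)."""
    acl = s3.get_bucket_acl(Bucket=bucket)
    grants = public_grants(acl)
    if grants:
        s3.put_bucket_acl(Bucket=bucket, ACL="private")
        s3.put_public_access_block(
            Bucket=bucket,
            PublicAccessBlockConfiguration={
                "BlockPublicAcls": True,
                "IgnorePublicAcls": True,
                "BlockPublicPolicy": True,
                "RestrictPublicBuckets": True,
            },
        )
    return grants


# Constructed GetBucketAcl response for a bucket created with the public-read
# canned ACL: the owner keeps FULL_CONTROL and the AllUsers group gets READ,
# which at bucket level means ListBucket. The owner ID is made up.
OWNER_ID = "0123456789abcdef" * 4
SAMPLE_PUBLIC_READ_ACL = {
    "Owner": {"ID": OWNER_ID},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": OWNER_ID},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}


class FakeS3:
    """In-memory stand-in for a boto3 S3 client, covering only the calls above.
    put_bucket_acl(ACL='private') produces what S3 does: owner FULL_CONTROL only."""

    def __init__(self, acls):
        self.acls = dict(acls)           # bucket name -> ACL dict
        self.public_access_block = {}    # bucket name -> configuration dict

    def get_bucket_acl(self, Bucket):
        return self.acls[Bucket]

    def put_bucket_acl(self, Bucket, ACL):
        if ACL != "private":
            raise ValueError("this fake only models the 'private' canned ACL")
        owner = self.acls[Bucket]["Owner"]
        self.acls[Bucket] = {"Owner": owner, "Grants": [
            {"Grantee": {"Type": "CanonicalUser", "ID": owner["ID"]},
             "Permission": "FULL_CONTROL"}]}

    def put_public_access_block(self, Bucket, PublicAccessBlockConfiguration):
        self.public_access_block[Bucket] = PublicAccessBlockConfiguration


if __name__ == "__main__":
    bucket = "cloudtrail-logs-example"   # hypothetical bucket name
    s3 = FakeS3({bucket: SAMPLE_PUBLIC_READ_ACL})
    print("before:", public_grants(s3.get_bucket_acl(Bucket=bucket)))
    print("fixed:", remediate(s3, bucket))
    print("after:", is_public(s3.get_bucket_acl(Bucket=bucket)),
          s3.public_access_block[bucket])
```

Against a real account, replace `FakeS3(...)` with `boto3.client("s3")`; the remediation needs s3:GetBucketAcl, s3:PutBucketAcl and s3:PutBucketPublicAccessBlock on the bucket. If the bucket already uses "Bucket owner enforced" object ownership, `put_bucket_acl` is rejected because ACLs are disabled, which is the desired end state and can be treated as already remediated.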