Cloud Storage bucket is anonymously or publicly accessible
| Severity | Exploitability | Providers | Categories |
|---|---|---|---|
| HIGH | MEDIUM | Google Cloud Provider | PERMISSION |
Description
Access to the Cloud Storage bucket is not restricted to selected users, so its content is reachable from the whole web.
Impact
| Potential data exposure | Visible in logs | User interaction required | Privileges required |
|---|---|---|---|
| True | False | False | False |
Bucket permissions that grant public access mean anyone can attempt to connect to the storage.
- If no credentials are required, its content is fully accessible.
- If authentication is required, credentials might be brute-forced to reach the data. Another risk is DDoS (Distributed Denial-of-Service), which would prevent legitimate users from accessing the data.
Remediation guidelines
Enforce public access prevention on the bucket, or use IAM (Identity and Access Management) to manage permissions on its content. Permissions can be managed either through the recommended uniform bucket-level access, where IAM alone applies, or through fine-grained access, which additionally allows ACLs (Access Control Lists) to be used.
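The following is an added example, not code from the original finding or from Google: a small offline check that applies the impact and remediation logic above to the JSON that `gcloud storage buckets describe --format=json`, `gcloud storage buckets get-iam-policy --format=json` and the JSON API's bucket ACL list return. It treats grants to `allUsers` (anonymous) and `allAuthenticatedUsers` (any Google account) as public, evaluates ACLs only when the bucket is still on fine-grained access, and accounts for the fact that an enforced public-access-prevention setting makes such grants dormant rather than exploitable. The bucket name, e-mail address and ACL entries in the sample are constructed for the example; the `gcloud` commands it emits are the documented ones for the three remediations the text describes.

```python
import json

# Principals that make a grant public: "allUsers" is anonymous access,
# "allAuthenticatedUsers" is any Google account holder, which is effectively public.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample input, shaped like the JSON from
#   gcloud storage buckets describe gs://BUCKET --format=json
#   gcloud storage buckets get-iam-policy gs://BUCKET --format=json
# and the JSON API's bucketAccessControls list. Names and e-mails are invented.
SAMPLE_BUCKET_JSON = json.dumps({
    "name": "example-data-bucket",
    "iamConfiguration": {
        "uniformBucketLevelAccess": {"enabled": False},
        "publicAccessPrevention": "inherited",
    },
})
SAMPLE_POLICY_JSON = json.dumps({
    "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/storage.admin", "members": ["user:owner@example.com"]},
    ]
})
SAMPLE_ACL_JSON = json.dumps([
    {"entity": "allAuthenticatedUsers", "role": "READER"},
    {"entity": "project-owners-000000", "role": "OWNER"},
])


def public_iam_bindings(policy):
    """(role, member) pairs in an IAM policy granted to a public principal."""
    return [
        (b.get("role"), m)
        for b in policy.get("bindings", [])
        for m in b.get("members", [])
        if m in PUBLIC_PRINCIPALS
    ]


def public_acl_entries(acl):
    """(role, entity) pairs in a legacy bucket ACL granted to a public entity."""
    return [(e.get("role"), e.get("entity")) for e in acl
            if e.get("entity") in PUBLIC_PRINCIPALS]


def assess_bucket(bucket, policy, acl=()):
    """Decide whether the bucket is publicly reachable and propose gcloud remediation."""
    name = bucket["name"]
    cfg = bucket.get("iamConfiguration", {})
    uniform = bool(cfg.get("uniformBucketLevelAccess", {}).get("enabled"))
    pap_enforced = cfg.get("publicAccessPrevention") == "enforced"

    iam_hits = public_iam_bindings(policy)
    # ACLs are only evaluated by Cloud Storage while the bucket uses fine-grained access.
    acl_hits = [] if uniform else public_acl_entries(list(acl))

    # Public access prevention blocks allUsers/allAuthenticatedUsers grants even when
    # they are present, so while it is enforced the grants are dormant rather than
    # exploitable. They are still reported so they can be cleaned up.
    is_public = not pap_enforced and bool(iam_hits or acl_hits)

    remediation = []
    if not pap_enforced:
        remediation.append(
            f"gcloud storage buckets update gs://{name} --public-access-prevention")
    for role, member in iam_hits:
        remediation.append(
            f"gcloud storage buckets remove-iam-policy-binding gs://{name} "
            f"--member={member} --role={role}")
    if acl_hits:
        # Switching to uniform bucket-level access disables ACLs entirely.
        remediation.append(
            f"gcloud storage buckets update gs://{name} --uniform-bucket-level-access")

    return {
        "bucket": name,
        "public": is_public,
        "public_access_prevention_enforced": pap_enforced,
        "uniform_bucket_level_access": uniform,
        "public_iam_bindings": iam_hits,
        "public_acl_entries": acl_hits,
        "remediation": remediation,
    }


def assess_sample():
    """Run the check over the constructed sample above."""
    return assess_bucket(json.loads(SAMPLE_BUCKET_JSON),
                         json.loads(SAMPLE_POLICY_JSON),
                         json.loads(SAMPLE_ACL_JSON))


if __name__ == "__main__":
    print(json.dumps(assess_sample(), indent=2))
```

On the sample, `assess_sample()` reports the bucket as public with one public IAM binding and one public ACL entry, and proposes enforcing public access prevention, removing the `allUsers` binding, and moving to uniform bucket-level access. The same policy on a bucket with public access prevention enforced is reported as not public, but the dormant binding is still listed for cleanup.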