Alicloud OSS Bucket is Public
Informational (4)
- CIS Alibaba Cloud Foundation Benchmark
Description
Alibaba Cloud OSS (Object Storage Service) provides storage service to your files and data in the account. The files are stored in containers called buckets. It was detected that the OSS bucket {AlicloudOssBucket} allows anonymous and/or public access. If a bucket is public (via Access Control List) or is publicly accessible (via bucket policy), everyone may be able to access the content of the bucket, including sensitive data, if any stored in the bucket.-
Recommended Mitigation
Review your bucket ACL and policies. If the bucket is not supposed to be publicly accessible, limit the access control list and/or the bucket policy to be privately accessible only. The combination of ACL and policies should be carefully selected and it's preferred to use policies when possible. For more information about ACL see: <a href="https://www.alibabacloud.com/help/doc-detail/100676.html" target="_blank" rel="noopener noreferrer">https://www.alibabacloud.com/help/doc-detail/100676.html</a> For more information about policies see: <a href="https://www.alibabacloud.com/help/en/doc-detail/101681.html" target="_blank" rel="noopener noreferrer">https://www.alibabacloud.com/help/en/doc-detail/101681.html</a>