Data at risk

AWS S3 bucket has global view ACL permissions enabled

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), CCPA, CPRA, Data Security Posture Management (DSPM) Best Practices, GDPR, HITRUST, ISO 27701, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, Orca Best Practices, PDPA, UK Cyber Essentials

Description

The bucket's ACL Grants allow global Read access. This allows unknown and unauthenticated users to access all the data stored on the bucket