S3 Bucket Allows Authenticated READ_ACP Access

Data at risk

S3 Bucket Allows Authenticated READ_ACP Access

Risk Level

Hazardous (3)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCPA
GDPR
HITRUST
ISO/IEC 27001
Mitre ATT&CK v12
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
Orca Best Practices

Description

Ensure that your S3 buckets content permissions cannot be viewed by AWS authenticated accounts or IAM users in order to protect against unauthorized access. An S3 bucket that grants READ_ACP (view permissions) access to AWS signed users can allow them to examine your S3 Access Control Lists (ACLs) configuration details and find permission vulnerabilities

Recommended Mitigation

Change the {AwsS3Bucket} bucket policy to block authenticated READ_ACP access

S3 Bucket Allows Authenticated READ_ACP Access

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS