Data at risk

S3 Bucket Allows Public LIST

Risk Level

Hazardous (3)

Compliance Frameworks


Orca has detected that your s3 bucket '{AwsS3Bucket}' can be publicly accessed for LIST action. An S3 bucket that allows public LIST access can provide attackers the capability to view which objects the bucket contains.
  • Recommended Mitigation

    In order to protect your S3 data from unauthorized users, it is recommended to prevent public LIST action on your s3 bucket '{AwsS3Bucket}'. It can be done by removing 's3:ListBucket' from the bucket's policy or by setting the bucket's permissions to block public access. To edit the bucket's public access permissions, follow the instructions at: