S3 Bucket Allows Public WRITE_ACP Access

Data at risk

S3 Bucket Allows Public WRITE_ACP Access

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCPA
CPRA
Data Security Posture Management (DSPM) Best Practices
GDPR
HITRUST
ISO 27701
iso_27001_2022
iso_27002_2022
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
Orca Best Practices
PDPA
UK Cyber Essentials

Description

Ensure that your S3 buckets do not allow anonymous users to modify their access control permissions to protect your S3 data from unauthorized access. An S3 bucket that allows public WRITE_ACP (edit permissions) access can give any malicious user on the Internet the capability to read and write ACL permissions - overly permissive actions that can lead to data loss or unintended charges

S3 Bucket Allows Public WRITE_ACP Access

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS