Data at risk

S3 Bucket Allows Public WRITE_ACP Access

Risk Level

Hazardous (3)

Platform(s)

Description

Ensure that your S3 buckets do not allow anonymous users to modify their access control permissions, so that your S3 data is protected from unauthorized access. An S3 bucket that allows public WRITE_ACP (edit permissions) access gives any malicious user on the Internet the capability to read and rewrite the bucket's ACL permissions. These are overly permissive actions that can lead to data loss or unintended charges.
Recommended Mitigation

Change the {AwsS3Bucket} bucket policy to block public WRITE_ACP access.
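The check and the fix described above, as an added example that is not part of this finding's own tooling: the functions operate on the dictionary shape that boto3's `s3.get_bucket_acl()` returns (the bucket ACL is where WRITE_ACP grants live), flag grants that hand WRITE_ACP (or FULL_CONTROL, which implies it) to the AllUsers or AuthenticatedUsers groups, and build the cleaned policy you would pass to `put_bucket_acl()`. The sample ACL and its canonical-user ID are constructed.

```python
"""Detect public WRITE_ACP grants on an S3 bucket ACL and compute the remediated ACL.

Assumes the input is the dict returned by boto3: s3.get_bucket_acl(Bucket=name).
No AWS call is made here; a constructed sample ACL stands in for the API response.
"""

# Predefined S3 groups whose grants are effectively public.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",           # anyone on the Internet
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers", # any AWS account
}

# FULL_CONTROL includes the right to rewrite the ACL, so treat it like WRITE_ACP.
ACL_WRITE_PERMISSIONS = {"WRITE_ACP", "FULL_CONTROL"}


def is_public_write_acp(grant: dict) -> bool:
    """True if this grant lets a public group modify the bucket's ACL."""
    grantee = grant.get("Grantee", {})
    public = grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS
    return public and grant.get("Permission") in ACL_WRITE_PERMISSIONS


def public_write_acp_grants(acl: dict) -> list:
    """Return the offending grants (empty list means the bucket passes this check)."""
    return [g for g in acl.get("Grants", []) if is_public_write_acp(g)]


def remediated_acl(acl: dict) -> dict:
    """AccessControlPolicy for put_bucket_acl(): same owner, public WRITE_ACP grants removed.

    Other grants (e.g. public READ) are left untouched; they belong to a separate finding.
    """
    kept = [g for g in acl.get("Grants", []) if not is_public_write_acp(g)]
    return {"Owner": acl["Owner"], "Grants": kept}


# Constructed sample: a bucket whose ACL grants WRITE_ACP to every anonymous user.
SAMPLE_ACL = {
    "Owner": {"ID": "EXAMPLE-OWNER-CANONICAL-ID"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-CANONICAL-ID"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "WRITE_ACP"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
         "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    for grant in public_write_acp_grants(SAMPLE_ACL):
        print("HAZARDOUS: public", grant["Permission"], "granted to", grant["Grantee"]["URI"])
    print("Remediated grants:", len(remediated_acl(SAMPLE_ACL)["Grants"]))
```

In a real scan, replace SAMPLE_ACL with the live `get_bucket_acl()` response for each bucket; enabling S3 Block Public Access on the account additionally prevents such grants from being re-added.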