Data at risk

Alicloud OSS Bucket is Public

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks
  • CIS Alibaba Cloud Foundation Benchmark

Description

Alibaba Cloud OSS (Object Storage Service) provides storage for the files and data in your account. Files are stored in containers called buckets. It was detected that the OSS bucket {AlicloudOssBucket} allows anonymous and/or public access. If a bucket is public (via its Access Control List) or is publicly accessible (via a bucket policy), anyone may be able to access the content of the bucket, including any sensitive data stored in it.
Recommended Mitigation

Review your bucket ACL and policies. If the bucket is not supposed to be publicly accessible, restrict the access control list and/or the bucket policy to private access only. Choose the combination of ACL and policies carefully; policies are preferred where possible. For more information about ACLs, see: https://www.alibabacloud.com/help/doc-detail/100676.html For more information about policies, see: https://www.alibabacloud.com/help/en/doc-detail/101681.html
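
The review described above can be scripted. The following is an added example, not code from this rule or from Alibaba Cloud: it takes a bucket's ACL value and its policy document (as already retrieved from the bucket) and lists each reason the bucket is public. The function names, bucket name, account ID and sample policy are constructed for illustration.

```python
import json

# OSS bucket ACL values that grant anonymous access
PUBLIC_ACLS = {"public-read", "public-read-write"}

def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def public_exposure(acl, policy_json):
    """Return a list of findings explaining why a bucket is publicly accessible."""
    findings = []
    if acl in PUBLIC_ACLS:
        findings.append(f"ACL is {acl}")
    if not policy_json:
        return findings
    statements = _as_list(json.loads(policy_json).get("Statement"))
    for i, stmt in enumerate(statements):
        # Only Allow statements granted to everyone ("*") expose the bucket.
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Principal")):
            continue
        # A Condition (such as a source IP restriction) narrows the grant; report it
        # separately so a reviewer can judge whether the restriction is tight enough.
        scope = "conditional" if stmt.get("Condition") else "unconditional"
        actions = ",".join(_as_list(stmt.get("Action")))
        findings.append(f"policy statement {i}: {scope} Allow to Principal * for {actions}")
    return findings

# Constructed sample policy (bucket name and account IDs are placeholders).
SAMPLE_POLICY = json.dumps({
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Action": ["oss:GetObject"], "Principal": ["*"],
         "Resource": ["acs:oss:*:1234567890123456:example-bucket/*"]},
        {"Effect": "Allow", "Action": ["oss:PutObject"], "Principal": ["*"],
         "Resource": ["acs:oss:*:1234567890123456:example-bucket/upload/*"],
         "Condition": {"IpAddress": {"acs:SourceIp": ["203.0.113.0/24"]}}},
        {"Effect": "Allow", "Action": ["oss:ListObjects"], "Principal": ["20000000000000001"],
         "Resource": ["acs:oss:*:1234567890123456:example-bucket"]},
    ],
})

if __name__ == "__main__":
    for finding in public_exposure("public-read", SAMPLE_POLICY):
        print(finding)
```

A bucket is private only when this returns an empty list for both inputs; a private ACL does not override a policy statement that allows Principal *.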