S3 Bucket Has Excessive ACL Permissions
Overview
This check inspects the Access Control List (ACL) of each S3 bucket and flags any grant to the Everyone group (AllUsers, i.e. anyone on the internet) or the Authenticated Users group (AuthenticatedUsers, i.e. any principal with an AWS account, not only accounts you control) for the following permissions:
- READ
- WRITE
- READ_ACP
- WRITE_ACP
- FULL_CONTROL
READ access allows these public groups to list the objects in the bucket (object contents are readable only where the object ACL or a bucket policy also grants READ on the object); WRITE access allows them to create, overwrite and delete objects in the bucket.
READ_ACP access allows these public groups to read the bucket's ACL and potentially identify additional unintended access to objects in the bucket.
WRITE_ACP access allows these public groups to modify the bucket ACL and grant themselves full access to the bucket and its contents.
FULL_CONTROL access allows all of the above actions.
Note that such a grant is only effective when nothing overrides it: if S3 Block Public Access is enabled with the IgnorePublicAcls setting, or ACLs are disabled on the bucket (the BucketOwnerEnforced object ownership setting, which is the default for buckets created since April 2023), S3 ignores the grant. The check still reports it, because the grant becomes live again as soon as those protections are relaxed, so it should be removed rather than relied on being masked.
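The following is an added example of how this check can be implemented against the ACL as returned by the S3 GetBucketAcl API; it is illustrative code written for this page, not the scanner's own implementation. It evaluates a bucket ACL in the dict shape that boto3's `get_bucket_acl()` returns, flags grants to the two public groups, and ignores non-public group grantees such as the LogDelivery group. The `SAMPLE_ACL` and `PRIVATE_ACL` inputs are constructed for the example, and the helper names (`excessive_public_grants`, `is_compliant`, `check_bucket`) are the example's own.

```python
from typing import Dict, List

# Canonical group URIs that S3 uses for the two predefined public groups.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"  # "Everyone"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"  # any AWS account
PUBLIC_GROUPS = {ALL_USERS: "Everyone", AUTHENTICATED_USERS: "Authenticated Users"}

# Any of these granted to a public group is reported as a finding.
EXCESSIVE_PERMISSIONS = {"READ", "WRITE", "READ_ACP", "WRITE_ACP", "FULL_CONTROL"}


def excessive_public_grants(acl: Dict) -> List[Dict[str, str]]:
    """Return one finding per ACL grant that gives a public group an excessive permission.

    `acl` has the shape returned by boto3 s3.get_bucket_acl(): an "Owner" dict and a
    "Grants" list of {"Grantee": {...}, "Permission": "..."} entries.
    """
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # canonical-user and e-mail grantees are specific principals, not public
        uri = grantee.get("URI")
        if uri not in PUBLIC_GROUPS:
            continue  # e.g. the s3/LogDelivery group is not a public group
        permission = grant.get("Permission")
        if permission in EXCESSIVE_PERMISSIONS:
            findings.append({"group": PUBLIC_GROUPS[uri], "permission": permission})
    return findings


def is_compliant(acl: Dict) -> bool:
    """True when no public group holds any of the flagged permissions."""
    return not excessive_public_grants(acl)


def check_bucket(bucket_name: str) -> List[Dict[str, str]]:
    """Fetch the live ACL for a bucket and evaluate it (requires boto3 and s3:GetBucketAcl).

    Imported lazily so the pure evaluation logic above runs without AWS access.
    """
    import boto3  # assumption: boto3 is installed and credentials are configured

    acl = boto3.client("s3").get_bucket_acl(Bucket=bucket_name)
    return excessive_public_grants(acl)


# Constructed sample ACL: owner keeps FULL_CONTROL, Everyone can list the bucket,
# any AWS account can rewrite the ACL, and the log-delivery group can write logs.
SAMPLE_ACL = {
    "Owner": {"DisplayName": "bucket-owner", "ID": "0" * 64},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "0" * 64, "DisplayName": "bucket-owner"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "WRITE_ACP"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
         "Permission": "WRITE"},
    ],
}

# Constructed private ACL: only the owner has access.
PRIVATE_ACL = {
    "Owner": {"DisplayName": "bucket-owner", "ID": "0" * 64},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "0" * 64, "DisplayName": "bucket-owner"},
         "Permission": "FULL_CONTROL"},
    ],
}

if __name__ == "__main__":
    for finding in excessive_public_grants(SAMPLE_ACL):
        print(f"{finding['group']} has {finding['permission']} on the bucket ACL")
    print("private ACL compliant:", is_compliant(PRIVATE_ACL))
```

In practice `check_bucket` should be paired with a look at the bucket's Block Public Access and object ownership settings (boto3 exposes these as `get_public_access_block` and `get_bucket_ownership_controls`) so a report can say whether a flagged grant is currently effective or merely latent; the grant is reported either way, as the overview explains.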
Vendor
AWS
Cloud Service
S3
Severity
4
Item Types
AWS::S3::Bucket