S3 Bucket ACL READ_ACP Permission Granted to All

Tenacity Id: s3-012

Risk Level: 3

Categories:

Last Updated: April 21, 2022

An Amazon Simple Storage Service (S3) bucket Access Control List (ACL) grants the READ_ACP permission to All. S3 bucket ACLs are used to control user access to buckets and objects. Unrestricted READ_ACP access on a bucket allows anyone to read the bucket's ACL, which could reveal critical configuration information to a malicious actor. Remove the READ_ACP permission for All and restrict it to only the required users or groups.
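
One way to check for this finding and build the corrected ACL, as an added example that is not Tenacity's own code. It assumes "All" means the predefined AllUsers group URI and that the ACL has the shape returned by the S3 GetBucketAcl call; the function names and the sample ACL are constructed for illustration.

```python
# Added example: audit a bucket ACL in the shape of an S3 GetBucketAcl response.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
# FULL_CONTROL on a bucket includes READ_ACP, so it exposes the ACL as well.
ACP_READABLE = {"READ_ACP", "FULL_CONTROL"}


def public_read_acp_grants(acl):
    """Return the grants that let the AllUsers group read the bucket ACL."""
    return [
        g for g in acl.get("Grants", [])
        if g.get("Grantee", {}).get("Type") == "Group"
        and g["Grantee"].get("URI") == ALL_USERS
        and g.get("Permission") in ACP_READABLE
    ]


def remediated_policy(acl):
    """Build an AccessControlPolicy with the offending grants removed."""
    bad = public_read_acp_grants(acl)
    return {
        "Owner": acl["Owner"],
        "Grants": [g for g in acl.get("Grants", []) if g not in bad],
    }


def audit_bucket(bucket, fix=False):
    """Check one live bucket; needs boto3 and AWS credentials."""
    import boto3
    s3 = boto3.client("s3")
    acl = s3.get_bucket_acl(Bucket=bucket)
    findings = public_read_acp_grants(acl)
    if findings and fix:
        s3.put_bucket_acl(Bucket=bucket, AccessControlPolicy=remediated_policy(acl))
    return findings


# Constructed sample ACL (not real data): owner grant plus two AllUsers grants.
SAMPLE_ACL = {
    "Owner": {"ID": "constructed-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ_ACP"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    for g in public_read_acp_grants(SAMPLE_ACL):
        print("finding:", g["Grantee"]["URI"], g["Permission"])
```

The public READ grant in the sample is left in place because it does not expose the ACL; it is outside the scope of this check.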