S3 Bucket ACL WRITE_ACP Permission Granted to All

Tenacity Id:

s3-014

Risk Level:

3

Categories:

Last Updated:

April 21, 2022

An Amazon Simple Storage Service (S3) bucket Access Control List (ACL) grants the WRITE_ACP permission to All (the predefined AllUsers group, URI http://acs.amazonaws.com/groups/global/AllUsers). On a bucket, WRITE_ACP is the right to rewrite the bucket's own ACL, so anyone on the internet, with no AWS credentials at all, can grant themselves FULL_CONTROL of the bucket. From there they can list the bucket, overwrite or delete its objects, and hand out further grants, potentially exposing sensitive data and allowing a malicious actor to destroy data. Remove the WRITE_ACP grant for All from the bucket ACL and restrict ACL changes to only the required users or groups. Note that S3 Block Public Access (the IgnorePublicAcls setting) or ACL-disabled buckets (BucketOwnerEnforced object ownership) neutralize such a grant without removing it; check which of these apply before treating the finding as a false positive, and remove the grant regardless so the bucket does not depend on an account-level setting.
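The check described above, written out as an added example that is not part of the original rule page or of any Tenacity tooling. It inspects an ACL document in the shape boto3's `get_bucket_acl()` returns, flags grants that give a public group ACL-write rights, and builds the hardened `AccessControlPolicy` for `put_bucket_acl()`. It goes slightly beyond the rule text: it also flags the AuthenticatedUsers group (any AWS account) and FULL_CONTROL, which includes WRITE_ACP. The bucket name, owner ID and the `FakeS3` client are constructed placeholders so the example runs offline; pass `boto3.client("s3")` in their place for real use.

```python
"""Audit an S3 bucket ACL for public WRITE_ACP grants and build the hardened ACL.

Added example (not from the original page). ACL documents below are constructed
to match the shape boto3's get_bucket_acl() returns; names and IDs are placeholders.
"""
from copy import deepcopy

# Predefined S3 groups that make a grant public. AllUsers is what the rule
# calls "All"; AuthenticatedUsers means any AWS account, which is barely better.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTHENTICATED_USERS}

# Permissions that let the grantee rewrite the ACL (FULL_CONTROL includes WRITE_ACP).
ACL_WRITE_PERMISSIONS = {"WRITE_ACP", "FULL_CONTROL"}


def is_public_grantee(grantee):
    """True for a grant to AllUsers or AuthenticatedUsers; canonical users and LogDelivery are not public."""
    return grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS


def find_public_acp_grants(acl):
    """Return the grants that give a public group WRITE_ACP (or FULL_CONTROL)."""
    return [
        g for g in acl.get("Grants", [])
        if is_public_grantee(g.get("Grantee", {}))
        and g.get("Permission") in ACL_WRITE_PERMISSIONS
    ]


def strip_public_grants(acl):
    """Return an AccessControlPolicy with every grant to a public group removed.

    Owner is kept because put_bucket_acl requires it; grants to canonical users
    and to the LogDelivery group are left untouched.
    """
    return {
        "Owner": deepcopy(acl["Owner"]),
        "Grants": [deepcopy(g) for g in acl.get("Grants", [])
                   if not is_public_grantee(g.get("Grantee", {}))],
    }


def audit_bucket(s3, bucket):
    """Fetch the ACL through a boto3-style client and report the s3-014 finding, if any."""
    acl = s3.get_bucket_acl(Bucket=bucket)
    offending = find_public_acp_grants(acl)
    return {
        "bucket": bucket,
        "finding": "s3-014" if offending else None,
        "grants": offending,
        "fixed_acl": strip_public_grants(acl),
    }


def remediate_bucket(s3, bucket):
    """Audit, and if the bucket is affected, replace its ACL with the stripped one."""
    result = audit_bucket(s3, bucket)
    if result["finding"]:
        s3.put_bucket_acl(Bucket=bucket, AccessControlPolicy=result["fixed_acl"])
    return result


class FakeS3:
    """Minimal stand-in for boto3's S3 client (constructed, so the example runs offline)."""

    def __init__(self, acls):
        self.acls = {name: deepcopy(acl) for name, acl in acls.items()}
        self.put_calls = []

    def get_bucket_acl(self, Bucket):
        return deepcopy(self.acls[Bucket])

    def put_bucket_acl(self, Bucket, AccessControlPolicy):
        self.put_calls.append(Bucket)
        self.acls[Bucket] = deepcopy(AccessControlPolicy)
        return {}


# Constructed sample: placeholder owner (canonical IDs are 64 hex chars) and a
# bucket ACL that is public-readable and, worse, publicly ACL-writable.
OWNER = {"DisplayName": "bucket-owner", "ID": "0123456789abcdef" * 4}
VULNERABLE_ACL = {
    "Owner": OWNER,
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": OWNER["ID"],
                     "DisplayName": "bucket-owner"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE_ACP"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
         "Permission": "WRITE"},
    ],
}

if __name__ == "__main__":
    s3 = FakeS3({"example-bucket": VULNERABLE_ACL})  # placeholder bucket name
    report = remediate_bucket(s3, "example-bucket")
    print(report["finding"], [g["Permission"] for g in report["grants"]])
    print("after:", [g["Permission"] for g in s3.get_bucket_acl(Bucket="example-bucket")["Grants"]])
```

`strip_public_grants` deliberately drops every public grant, not only WRITE_ACP, because the rule's purpose is to stop untrusted principals from reaching the bucket; if the bucket must stay public-readable, keep the READ grant explicitly or, better, serve it through a bucket policy or CloudFront and leave ACLs disabled.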