S3 Bucket ACL WRITE_ACP Permission Granted to All Authenticated Users

Tenacity Id: s3-018

Risk Level: 3

Categories:

Last Updated: April 21, 2022

An Amazon Simple Storage Service (S3) bucket Access Control List (ACL) grants the WRITE_ACP permission to the All Authenticated Users group (the predefined grantee URI http://acs.amazonaws.com/groups/global/AuthenticatedUsers). This group is not limited to identities in your own account: it matches every AWS account, so anyone who can sign an S3 request with any valid AWS credentials is allowed to rewrite the bucket's ACL. A grantee who can write the ACL can grant themselves FULL_CONTROL on the bucket, so WRITE_ACP is effectively full bucket access: the attacker can list the bucket, upload, overwrite or delete objects, and thereby expose or destroy sensitive data. Remove the WRITE_ACP grant for All Authenticated Users from the bucket ACL (and any FULL_CONTROL grant to that group, which includes WRITE_ACP) and restrict ACL management to the bucket owner or the specific accounts that require it. Enabling S3 Block Public Access (IgnorePublicAcls) on the bucket or account causes S3 to ignore grants to this group, and setting S3 Object Ownership to BucketOwnerEnforced disables ACLs entirely; both are sound defence in depth, but the grant itself should still be removed.
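The check and remediation described above, as an added example (not code from the original page or from any AWS tooling). It operates on the dict shape that boto3's s3.get_bucket_acl() returns, flags WRITE_ACP and FULL_CONTROL grants to the AuthenticatedUsers group, and builds the AccessControlPolicy that put_bucket_acl expects with only those grants removed. The sample ACL is constructed for illustration; the remediate_bucket() helper assumes boto3 and AWS credentials are available, and everything else runs offline.

```python
"""Find and strip WRITE_ACP (or FULL_CONTROL, which includes it) grants to the
AuthenticatedUsers group in an S3 bucket ACL.

The pure functions work on the dict shape returned by boto3's
s3.get_bucket_acl(); the live boto3 calls are isolated in remediate_bucket()
so the detection logic can be exercised without AWS access.
"""

# Predefined S3 grantee group that matches every AWS account.
AUTHENTICATED_USERS_URI = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
# WRITE_ACP is the permission this rule flags; FULL_CONTROL implies it.
ACP_PERMISSIONS = {"WRITE_ACP", "FULL_CONTROL"}


def is_authenticated_users_grantee(grantee):
    """True if the grantee is the AuthenticatedUsers group."""
    return grantee.get("Type") == "Group" and grantee.get("URI") == AUTHENTICATED_USERS_URI


def offending_grants(acl):
    """Return the grants that let any AWS account rewrite this bucket's ACL."""
    return [
        g for g in acl.get("Grants", [])
        if is_authenticated_users_grantee(g.get("Grantee", {}))
        and g.get("Permission") in ACP_PERMISSIONS
    ]


def remediated_acl(acl):
    """Return an AccessControlPolicy with only the offending grants removed.

    Other grants, including READ grants to the same group (covered by other
    rules), are kept unchanged so the change is minimal and easy to review.
    """
    bad = offending_grants(acl)
    kept = [g for g in acl.get("Grants", []) if g not in bad]
    return {"Owner": acl["Owner"], "Grants": kept}


def remediate_bucket(bucket_name, s3_client=None, dry_run=True):
    """Fetch the live bucket ACL, report offending grants, optionally apply the fix.

    s3_client is a boto3 S3 client (assumed; one is created if None is passed).
    With dry_run=True nothing is written, so the default is safe to run broadly.
    """
    if s3_client is None:
        import boto3  # imported lazily so the offline checks never need it
        s3_client = boto3.client("s3")
    acl = s3_client.get_bucket_acl(Bucket=bucket_name)
    bad = offending_grants(acl)
    if bad and not dry_run:
        s3_client.put_bucket_acl(
            Bucket=bucket_name, AccessControlPolicy=remediated_acl(acl)
        )
    return bad


# Constructed sample ACL in the shape get_bucket_acl returns (not a real bucket).
OWNER_ID = "0123456789abcdef" * 4  # canonical user IDs are 64 hex characters
SAMPLE_ACL = {
    "Owner": {"ID": OWNER_ID},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": OWNER_ID},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS_URI},
         "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS_URI},
         "Permission": "WRITE_ACP"},
    ],
}

if __name__ == "__main__":
    for g in offending_grants(SAMPLE_ACL):
        print("offending grant:", g["Permission"], "->", g["Grantee"]["URI"])
    print("grants after remediation:",
          [g["Permission"] for g in remediated_acl(SAMPLE_ACL)["Grants"]])
```

The same inspection can be done by hand with `aws s3api get-bucket-acl --bucket NAME` and the fix applied with `aws s3api put-bucket-acl --bucket NAME --access-control-policy file://acl.json`, where acl.json is the remediated policy. Run remediate_bucket() with dry_run=True first across the account's buckets and review the returned grants before writing anything.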