Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Current »

Severity : Critical

Description : S3 buckets can be configured to allow anyone, regardless of whether they are an AWS user or not, to write objects to a bucket or delete objects. This option should not be configured unless there is a strong business requirement.

Remediation Steps : Disable global all users policies on all S3 buckets and ensure both the bucket ACL is configured with least privileges.

  • No labels