Description

Amazon S3 provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web. Files within S3 are organized into "buckets", which are named logical containers accessible at a predictable URL. Access controls can be applied to both the bucket itself and to individual objects (files and directories) stored within that bucket. A bucket is considered public if any user can list the contents of the bucket, and private if the bucket's contents can only be listed or written by certain S3 users.

This web application is using a public Amazon S3 bucket. This is not recommended, as a public bucket will list all of its files and directories to any user that asks.

Remediation

Make sure all the Amazon S3 buckets you are using are marked as private.
