Description
Amazon S3 provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web.
Files within S3 are organized into "buckets", which are named logical containers accessible at a predictable URL. Access controls can be applied to both the bucket itself and to individual objects (files and directories) stored within that bucket.
A bucket is considered public if any user can list the contents of the bucket, and private if the bucket's contents can only be listed or written by certain S3 users.
This web application is using a public Amazon S3 bucket. This is not recommended, as a public bucket will list all of its files and directories to any user that asks.
Remediation
Make sure all the Amazon S3 buckets you are using are marked as private.
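One way to check this from the defender's side is to audit each bucket's ACL for grants to the predefined public groups. The following is an added example, not part of the original advisory: it assumes the ACL has been exported as JSON in the shape returned by `aws s3api get-bucket-acl`, the function name and sample ACLs are constructed for illustration, and it inspects ACL grants only (a bucket policy can also make a bucket public and needs a separate review).

```python
import json

# Predefined S3 grantee groups that stand for the public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

# What each bucket-level ACL permission exposes to the grantee.
EXPOSURE = {
    "READ": {"list"},
    "WRITE": {"write"},
    "WRITE_ACP": {"change-acl"},
    "FULL_CONTROL": {"list", "write", "change-acl"},
}


def public_exposure(acl):
    """Map each public audience to what the ACL lets it do with the bucket."""
    found = {}
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        audience = PUBLIC_GROUPS.get(grantee.get("URI"))
        exposed = EXPOSURE.get(grant.get("Permission"))
        if grantee.get("Type") == "Group" and audience and exposed:
            found.setdefault(audience, set()).update(exposed)
    return {who: sorted(what) for who, what in found.items()}


# Constructed sample ACLs (placeholder owner ID), shaped like GetBucketAcl output.
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
         "Permission": "FULL_CONTROL"}
PUBLIC_ACL = json.loads("""
{"Grants": [
  {"Grantee": {"Type": "Group",
               "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
   "Permission": "READ"},
  {"Grantee": {"Type": "Group",
               "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
   "Permission": "WRITE"}
]}
""")
PUBLIC_ACL["Grants"].insert(0, OWNER)
PRIVATE_ACL = {"Grants": [OWNER]}

if __name__ == "__main__":
    for name, acl in (("public", PUBLIC_ACL), ("private", PRIVATE_ACL)):
        print(name, public_exposure(acl) or "no public grants")
```

An empty result means the ACL grants nothing to the public groups; any other result names the audience and the access that should be revoked.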