Description

Amazon S3 provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web. Files within S3 are organized into "buckets", which are named logical containers accessible at a predictable URL. Access controls can be applied to both the bucket itself and to individual objects (files and directories) stored within that bucket.

This web application is using an Amazon S3 bucket that is publicly writable. This means that an attacker can upload new files to this Amazon S3 bucket and can overwrite or delete existing files.

Remediation

Use the Amazon Simple Storage Service (Amazon S3) console to manage access permissions for S3 buckets by using access control lists (ACLs). ACLs are resource-based access policies that grant access permissions to buckets and objects.
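To review the ACL grants described above, the following added example (not part of the original advisory) flags grants that make a bucket publicly writable and builds a copy of the ACL without them. It assumes the ACL is a dict in the shape returned by boto3's get_bucket_acl(); the sample ACL and its owner ID are constructed so that the check runs offline.

```python
# Predefined S3 groups that represent the public.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "anyone on the internet",
                 AUTH_USERS: "any AWS account holder"}

# On a bucket, WRITE allows creating, overwriting and deleting objects,
# WRITE_ACP allows rewriting the ACL itself, FULL_CONTROL includes both.
WRITE_PERMISSIONS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}

def is_public_write(grant):
    grantee = grant.get("Grantee", {})
    return (grantee.get("Type") == "Group"
            and grantee.get("URI") in PUBLIC_GROUPS
            and grant.get("Permission") in WRITE_PERMISSIONS)

def public_write_grants(acl):
    """Return (who, permission) for every grant that lets the public write."""
    return [(PUBLIC_GROUPS[g["Grantee"]["URI"]], g["Permission"])
            for g in acl.get("Grants", []) if is_public_write(g)]

def without_public_write(acl):
    """Copy of the ACL with public write grants removed, other grants kept.
    The result has the Owner/Grants shape that put_bucket_acl() accepts
    as AccessControlPolicy."""
    return {"Owner": acl["Owner"],
            "Grants": [g for g in acl.get("Grants", []) if not is_public_write(g)]}

# Constructed sample ACL (placeholder owner ID, not from a real bucket).
OWNER = {"ID": "EXAMPLE-CANONICAL-USER-ID"}
SAMPLE_ACL = {"Owner": OWNER, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", **OWNER}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"},
    {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "WRITE_ACP"},
    # Log delivery is a service group, not the public, so it is left alone.
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
     "Permission": "WRITE"},
]}

if __name__ == "__main__":
    for who, permission in public_write_grants(SAMPLE_ACL):
        print(f"public write grant: {permission} for {who}")
    fixed = without_public_write(SAMPLE_ACL)
    print(f"grants kept after cleanup: {len(fixed['Grants'])}")
```

The public READ grant is kept on purpose, because this check only covers write access; whether objects should be publicly readable is a separate decision.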
