Vulnerability Bulletins

Reported GuardDuty Finding Issue

System information

Affected software AmazonWS


Initial Publication Date: 05/18/2023 10:00AM EST A security researcher recently reported an issue in Amazon GuardDuty in which a change to the policy of an S3 bucket not protected by Block Public Access (BPA) could be carried out to grant public access to the bucket without triggering a GuardDuty alert. This specific issue would occur if the S3 bucket policy was updated within a single new policy that included both an "Allow" for "Principal::"*" or

More info:

Standar resources

Property Value

Version history

Version Comments Date
1.0 Advisory issued 2023-05-19
Ministerio de Defensa