Reported GuardDuty Finding Issue
|
System information
|
|
|
Affected software |
AmazonWS |
Description
|
Initial Publication Date: 05/18/2023 10:00AM EST A security researcher recently reported an issue in Amazon GuardDuty in which a change to the policy of an S3 bucket not protected by Block Public Access (BPA) could be carried out to grant public access to the bucket without triggering a GuardDuty alert. This specific issue would occur if the S3 bucket policy was updated within a single new policy that included both an "Allow" for "Principal::"*" or
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2023-002/ |
Standar resources
|
Property |
Value |
CVE |
|