Vulnerability Bulletins

Reported GuardDuty Finding Issue


System information

   
Affected software AmazonWS

Description

Initial Publication Date: 05/18/2023 10:00AM EST A security researcher recently reported an issue in Amazon GuardDuty in which a change to the policy of an S3 bucket not protected by Block Public Access (BPA) could be carried out to grant public access to the bucket without triggering a GuardDuty alert. This specific issue would occur if the S3 bucket policy was updated within a single new policy that included both an "Allow" for "Principal::"*" or

More info:

https://aws.amazon.com/security/security-bulletins/AWS-2023-002/

Standar resources

Property Value
CVE

Version history

Version Comments Date
1.0 Advisory issued 2023-05-19
Ministerio de Defensa
CNI
CCN
CCN-CERT