Unauthorized access to files - Cloud Storage Services
Description
Some cloud storage service used by the application can be publicly accessed, without requiring any authentication, allowing an attacker to download its content, modify or delete the stored information
Impact
Compromise the information stored in a cloud storage service
Recommendation
Restrict the access of the public storage services of the system
Threat
Anonymous attacker from the Internet.
Expected Remediation Time
⏱️ 15 minutes.
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
L
Attack requirements
N
Privileges required
N
User interaction
N
Confidentiality (VC)
H
Integrity (VI)
N
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
X
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N