203 – Unauthorized access to files - Cloud Storage Services

Description

Some cloud storage service used by the application can be publicly accessed, without requiring any authentication, allowing an attacker to download its content, modify or delete the stored information

Impact

Compromise the information stored in a cloud storage service

Recommendation

Restrict the access of the public storage services of the system

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

15 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): H
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 096 - Set user's required privileges
• 176 - Restrict system objects
• 264 - Request authentication
• 320 - Avoid client-side control enforcement

Fixes

• Aws
• Cloudformation
• Go
• Java
• Scala

Last updated

2024/02/16