Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

S3 Bucket Allows Get Action From All Principals @ /cloudinfra/s3_1.tf #62

Open
cyates-checkmarx opened this issue Jun 23, 2023 · 0 comments

Comments

@cyates-checkmarx
Copy link
Owner

cyates-checkmarx commented Jun 23, 2023

Checkmarx (IaC-Security): S3 Bucket Allows Get Action From All Principals
Checkmarx Project: cyates-checkmarx/JVL
Repository URL: https://github.com/cyates-checkmarx/JVL
Branch: master
Scan ID: 6bf2c567-d73e-490c-ac86-a35dd14d497b


S3 Buckets must not allow Get Action From All Principals, as to prevent leaking private information to the entire internet or allow unauthorized data tampering / deletion. This means the 'Effect' must not be 'Allow' when the 'Action' is Get, for all Principals.

Locations:

Result #1:
Severity: HIGH
State: TO_VERIFY
Status: RECURRENT
    File: /cloudinfra/s3_1.tf[31,0]
    Expected value: aws_s3_bucket[s3_1].policy.Action should not be a 'Get' action
    Actual value: aws_s3_bucket[s3_1].policy.Action is a 'Get' action
    Review result in Checkmarx One: S3 Bucket Allows Get Action From All Principals

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant