Open Bucket
Severity: High
Discovered: 10 of October-2022, 11:11 PM
CWE ID
CWE-264
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Anonymously detected open Amazon S3 bucket with full read permissions. This may result in leakage of sensitive information.
Possible exposure
Data leakage, Access to unauthorized information
Remediation suggestions
Check the privileges and restrictions on your Amazon S3 bucket. Disable read access to the whole bucket and, if needed, enable read-only access on files in the bucket.
Request
GET https://neuralegion-open-bucket.s3.amazonaws.com/?list-type=2 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
Accept-Encoding: identity
Response
HTTP/1.1 200
x-amz-id-2: 0TzqS6R24xVcZfZbkGtnPfM+2tugXw4cb1OoUy9F6uqg16/V9KGHulumMKw2TLeFxtGhW9GI99M=
x-amz-request-id: DC0C5X23EPE0KJZG
Date: Mon, 10 Oct 2022 23:11:05 GMT
x-amz-bucket-region: us-east-1
Content-Type: application/xml
Server: AmazonS3
Content-Length: 1717
Cache-Control: public, max-age=99999
<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Name>neuralegion-open-bucket</Name><Prefix></Prefix><KeyCount>7</KeyCount><MaxKeys>1000</MaxKeys><IsTruncated>false</IsTruncated><Contents><Key>Burp-AnonymousCloud-ZGFj75eRbkZC.txt</Key><LastModified>2021-05-16T16:14:10.000Z</LastModified><ETag>"b8211cb343dd3cb05ef47df429d4fe9e"</ETag><Size>48</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>amanpoc.html</Key><LastModified>2021-11-10T18:25:49.000Z</LastModified><ETag>"d8f24031963e21211c5d543e4d39181b"</ETag><Size>51</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>amol.txt</Key><LastModified>2021-11-25T09:12:47.000Z</LastModified><ETag>"a33d2dd92a399806238f6d35ce995018"</ETag><Size>10</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>mv.txt</Key><LastModified>2021-11-10T18:22:54.000Z</LastModified><ETag>"ac2bb3da1a7d2204956c7a39e70d3a72"</ETag><Size>570</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>photo-1.jpg</Key><LastModified>2020-07-13T09:28:22.000Z</LastModified><ETag>"6930fafb36176fb4bae5ea0b78ff06d7"</ETag><Size>246305</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>photo-2.jpg</Key><LastModified>2020-07-13T09:28:19.000Z</LastModified><ETag>"ad53e5cb9de09ae993a8f113c3948d4a"</ETag><Size>66032</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>photo-3.jpg</Key><LastModified>2020-07-13T09:28:18.000Z</LastModified><ETag>"fbfb9f15f4cab25264e51d3912f69b1d"</ETag><Size>8853</Size><StorageClass>STANDARD</StorageClass></Contents></ListBucketResult>
External links