Open Bucket
Severity: High
Discovered: 10 of August-2022, 02:18 PM
CWE ID
CWE-264
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
An open Amazon S3 bucket with full read permissions was detected through anonymous access. This may result in leakage of sensitive information.
Possible exposure
Data leakage, Access to unauthorized information
Remediation suggestions
Check the privileges and restrictions on your Amazon S3 bucket. Disable read access to the whole bucket and, if needed, enable read-only access on files in the bucket.
Request
GET https://neuralegion-open-bucket.s3.amazonaws.com/?list-type=2 HTTP/1.1
Cookie: bc-calls-counter=1660141098538; connect.sid=qWVEEkK7aoEvaLxK9ECf7jNz8xGfQigG.YvmodHclZ7st6aO6jHxicdWdqSxyGVbYaJ4UvtL%2Fc1w
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
Accept-Encoding: identity
Response
HTTP/1.1 200
x-amz-id-2: iaMjs0sfP3A2sANlHVaA0XPtpdbczSn6h/FlEkfe6dPecWfBjQg2WfOrIzfE9fe6WI0ZwdIMiUI=
x-amz-request-id: 37GGHS36S1REGPNM
Date: Wed, 10 Aug 2022 14:18:20 GMT
x-amz-bucket-region: us-east-1
Content-Type: application/xml
Server: AmazonS3
Content-Length: 1717
Cache-Control: public, max-age=99999
<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Name>neuralegion-open-bucket</Name><Prefix></Prefix><KeyCount>7</KeyCount><MaxKeys>1000</MaxKeys><IsTruncated>false</IsTruncated><Contents><Key>Burp-AnonymousCloud-ZGFj75eRbkZC.txt</Key><LastModified>2021-05-16T16:14:10.000Z</LastModified><ETag>"b8211cb343dd3cb05ef47df429d4fe9e"</ETag><Size>48</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>amanpoc.html</Key><LastModified>2021-11-10T18:25:49.000Z</LastModified><ETag>"d8f24031963e21211c5d543e4d39181b"</ETag><Size>51</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>amol.txt</Key><LastModified>2021-11-25T09:12:47.000Z</LastModified><ETag>"a33d2dd92a399806238f6d35ce995018"</ETag><Size>10</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>mv.txt</Key><LastModified>2021-11-10T18:22:54.000Z</LastModified><ETag>"ac2bb3da1a7d2204956c7a39e70d3a72"</ETag><Size>570</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>photo-1.jpg</Key><LastModified>2020-07-13T09:28:22.000Z</LastModified><ETag>"6930fafb36176fb4bae5ea0b78ff06d7"</ETag><Size>246305</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>photo-2.jpg</Key><LastModified>2020-07-13T09:28:19.000Z</LastModified><ETag>"ad53e5cb9de09ae993a8f113c3948d4a"</ETag><Size>66032</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>photo-3.jpg</Key><LastModified>2020-07-13T09:28:18.000Z</LastModified><ETag>"fbfb9f15f4cab25264e51d3912f69b1d"</ETag><Size>8853</Size><StorageClass>STANDARD</StorageClass></Contents></ListBucketResult>