
Open Bucket #10

Description

@bright-security

Open Bucket

Severity: High
Discovered: 16 August 2022, 03:42 PM

CWE ID

CWE-264: Permissions, Privileges, and Access Controls

CVSS

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (base score 7.5, High)

Details

An Amazon S3 bucket that answers an anonymous (unauthenticated) ListObjectsV2 request with a full object listing was detected, i.e. the bucket grants list and read access to everyone. Anyone can enumerate every key in the bucket without having to guess names and fetch whichever objects are equally readable, which may leak sensitive information.

Possible exposure

Data leakage; unauthorized access to information

Remediation suggestions

Review the bucket's ACL, bucket policy and S3 Block Public Access settings. Remove any grant that lets the anonymous principal (`*` in a policy, the AllUsers group in an ACL) call s3:ListBucket: listing is what turns "some files are public" into "every key is enumerable". If particular objects genuinely must be public, grant s3:GetObject only on those keys or a dedicated prefix (for example arn:aws:s3:::your-bucket/public/*) and keep s3:ListBucket private, or serve them through pre-signed URLs or a CDN in front of a private bucket instead. Finally, turn on all four Block Public Access settings at the bucket and account level so a later policy or ACL change cannot re-expose the bucket.
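As an added example, not from the original issue or from Bright's product, the following Python places a bucket policy with the weak grant beside a hardened one and implements the three checks the remediation calls for: anonymous s3:ListBucket grants in a policy document, public READ grants in a bucket ACL, and missing Block Public Access flags. The bucket name example-bucket, the Sids and every sample document are constructed; the action names, group URIs and PublicAccessBlockConfiguration flag names are the ones AWS uses.

```python
"""Audit S3 access settings for anonymous listing and show the corrected policy.

Added example, not from the original issue or from Bright's product. The bucket
name example-bucket, the Sids and all sample documents are constructed; the
action, group and Block Public Access flag names are the ones AWS uses.
"""
import fnmatch
from typing import Any, Dict, List

# Weak configuration: one statement lets the anonymous principal both read
# objects and list the bucket, which is exactly what the scanner detected.
WEAK_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicListAndRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
}

# Hardened: anonymous GetObject only on a deliberately published prefix and no
# ListBucket grant at all, so published files stay reachable but not enumerable.
HARDENED_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadOfPublishedFilesOnly",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/public/*",
    }],
}

LISTING_ACTIONS = ("s3:listbucket", "s3:listbucketversions")  # lower-case for matching
PUBLIC_GROUPS = ("http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers")  # any AWS account = public
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value: Any) -> List[Any]:
    return value if isinstance(value, list) else [value]


def is_anonymous_principal(principal: Any) -> bool:
    """"*" or {"AWS": "*"} grants to everyone, unauthenticated callers included."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def action_allows_listing(action: str) -> bool:
    """IAM action matching is case-insensitive and accepts * and ? wildcards."""
    return any(fnmatch.fnmatchcase(a, action.lower()) for a in LISTING_ACTIONS)


def listing_actions_granted(statement: Dict[str, Any]) -> List[str]:
    """Listing-related actions an Allow statement grants (handles Action and NotAction)."""
    if "NotAction" in statement:  # allows everything except the listed patterns
        pats = [p.lower() for p in _as_list(statement["NotAction"])]
        return [a for a in LISTING_ACTIONS if not any(fnmatch.fnmatchcase(a, p) for p in pats)]
    return [a for a in _as_list(statement.get("Action", [])) if action_allows_listing(a)]


def find_public_listing_grants(policy: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Statements that let the anonymous principal list the bucket.

    A statement carrying a Condition is still reported but flagged, because a
    condition such as aws:SourceVpc may or may not narrow it enough."""
    findings = []
    for idx, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow" or not is_anonymous_principal(st.get("Principal")):
            continue
        granted = listing_actions_granted(st)
        if granted:
            findings.append({"sid": st.get("Sid", "statement[%d]" % idx),
                             "actions": granted, "conditional": "Condition" in st})
    return findings


def acl_public_listing_grants(acl: Dict[str, Any]) -> List[str]:
    """Permissions a bucket ACL (get-bucket-acl shape) gives to the public groups.

    READ on a bucket ACL is list access, the second route to an open listing."""
    return [g["Permission"] for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS
            and g.get("Permission") in ("READ", "FULL_CONTROL")]


def block_public_access_gaps(config: Dict[str, bool]) -> List[str]:
    """PublicAccessBlockConfiguration flags that are not enabled; all four should be True."""
    return [flag for flag in BPA_FLAGS if not config.get(flag)]


if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, find_public_listing_grants(pol))
    constructed_acl = {"Grants": [{"Grantee": {"Type": "Group", "URI": PUBLIC_GROUPS[0]},
                                   "Permission": "READ"}]}
    print(acl_public_listing_grants(constructed_acl))
    print(block_public_access_gaps({"BlockPublicAcls": True}))
```

Feed it the JSON that `aws s3api get-bucket-policy`, `get-bucket-acl` and `get-public-access-block` return for a bucket; an empty result from all three checks is what you want to see after remediation.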

Request

GET https://neuralegion-open-bucket.s3.amazonaws.com/?list-type=2 HTTP/1.1
Cookie: bc-calls-counter=1660664473219; connect.sid=sNsFVsBUzjx9QhUWXeKEmSZhcCxOXHhR.NTooH6nVBrT6T86lWjYW1%2BU%2F88imUnb2SFtPLV5VyBY
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
Accept-Encoding: identity

Response

HTTP/1.1 200
x-amz-id-2: hkBu2faX8bZg3nnVE3bRu9eJaR37HTmTKWHjgCSc0IEa9cBN33QdfKoT9oH21SPxcgkaXy1iXZo=
x-amz-request-id: NS25H5FKWCN0FHWM
date: Tue, 16 Aug 2022 15:41:19 GMT
x-amz-bucket-region: us-east-1
content-type: application/xml
transfer-encoding: chunked
server: AmazonS3
connection: close
content-length: 1717
Cache-Control: public, max-age=99999

<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Name>neuralegion-open-bucket</Name>
  <Prefix></Prefix>
  <KeyCount>7</KeyCount>
  <MaxKeys>1000</MaxKeys>
  <IsTruncated>false</IsTruncated>
  <Contents>
    <Key>Burp-AnonymousCloud-ZGFj75eRbkZC.txt</Key>
    <LastModified>2021-05-16T16:14:10.000Z</LastModified>
    <ETag>&quot;b8211cb343dd3cb05ef47df429d4fe9e&quot;</ETag>
    <Size>48</Size>
    <StorageClass>STANDARD</StorageClass>
  </Contents>
  <Contents>
    <Key>amanpoc.html</Key>
    <LastModified>2021-11-10T18:25:49.000Z</LastModified>
    <ETag>&quot;d8f24031963e21211c5d543e4d39181b&quot;</ETag>
    <Size>51</Size>
    <StorageClass>STANDARD</StorageClass>
  </Contents>
  <Contents>
    <Key>amol.txt</Key>
    <LastModified>2021-11-25T09:12:47.000Z</LastModified>
    <ETag>&quot;a33d2dd92a399806238f6d35ce995018&quot;</ETag>
    <Size>10</Size>
    <StorageClass>STANDARD</StorageClass>
  </Contents>
  <Contents>
    <Key>mv.txt</Key>
    <LastModified>2021-11-10T18:22:54.000Z</LastModified>
    <ETag>&quot;ac2bb3da1a7d2204956c7a39e70d3a72&quot;</ETag>
    <Size>570</Size>
    <StorageClass>STANDARD</StorageClass>
  </Contents>
  <Contents>
    <Key>photo-1.jpg</Key>
    <LastModified>2020-07-13T09:28:22.000Z</LastModified>
    <ETag>&quot;6930fafb36176fb4bae5ea0b78ff06d7&quot;</ETag>
    <Size>246305</Size>
    <StorageClass>STANDARD</StorageClass>
  </Contents>
  <Contents>
    <Key>photo-2.jpg</Key>
    <LastModified>2020-07-13T09:28:19.000Z</LastModified>
    <ETag>&quot;ad53e5cb9de09ae993a8f113c3948d4a&quot;</ETag>
    <Size>66032</Size>
    <StorageClass>STANDARD</StorageClass>
  </Contents>
  <Contents>
    <Key>photo-3.jpg</Key>
    <LastModified>2020-07-13T09:28:18.000Z</LastModified>
    <ETag>&quot;fbfb9f15f4cab25264e51d3912f69b1d&quot;</ETag>
    <Size>8853</Size>
    <StorageClass>STANDARD</StorageClass>
  </Contents>
</ListBucketResult>
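The request and response above are all the evidence this finding needs. As an added example, not part of the original issue and not Bright's scanner code, the following Python turns the raw status, body and headers of GET /?list-type=2 into a finding: a 200 carrying a ListBucketResult means anyone can enumerate the bucket, while 403, 404 and 301 are read out of S3's un-namespaced Error document. The two sample bodies are constructed: the open one is the listing shown above, the denied one is a typical AccessDenied error. probe_bucket sends the live request; it deliberately sends no cookies, since S3 ignores the browser session cookies captured in the request above and the point is to see what an unauthenticated client gets.

```python
"""Classify the response to an anonymous S3 ListObjectsV2 request.

Added example; not part of the original issue. SAMPLE_OPEN_BODY is the
ListBucketResult body shown in the issue, embedded as a constructed offline
input; SAMPLE_DENIED_BODY is a constructed S3 AccessDenied error document.
"""
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET  # for untrusted XML at scale, prefer defusedxml
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"

SAMPLE_OPEN_BODY = b"""<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Name>neuralegion-open-bucket</Name><Prefix></Prefix><KeyCount>7</KeyCount><MaxKeys>1000</MaxKeys><IsTruncated>false</IsTruncated>
<Contents><Key>Burp-AnonymousCloud-ZGFj75eRbkZC.txt</Key><LastModified>2021-05-16T16:14:10.000Z</LastModified><ETag>&quot;b8211cb343dd3cb05ef47df429d4fe9e&quot;</ETag><Size>48</Size><StorageClass>STANDARD</StorageClass></Contents>
<Contents><Key>amanpoc.html</Key><LastModified>2021-11-10T18:25:49.000Z</LastModified><ETag>&quot;d8f24031963e21211c5d543e4d39181b&quot;</ETag><Size>51</Size><StorageClass>STANDARD</StorageClass></Contents>
<Contents><Key>amol.txt</Key><LastModified>2021-11-25T09:12:47.000Z</LastModified><ETag>&quot;a33d2dd92a399806238f6d35ce995018&quot;</ETag><Size>10</Size><StorageClass>STANDARD</StorageClass></Contents>
<Contents><Key>mv.txt</Key><LastModified>2021-11-10T18:22:54.000Z</LastModified><ETag>&quot;ac2bb3da1a7d2204956c7a39e70d3a72&quot;</ETag><Size>570</Size><StorageClass>STANDARD</StorageClass></Contents>
<Contents><Key>photo-1.jpg</Key><LastModified>2020-07-13T09:28:22.000Z</LastModified><ETag>&quot;6930fafb36176fb4bae5ea0b78ff06d7&quot;</ETag><Size>246305</Size><StorageClass>STANDARD</StorageClass></Contents>
<Contents><Key>photo-2.jpg</Key><LastModified>2020-07-13T09:28:19.000Z</LastModified><ETag>&quot;ad53e5cb9de09ae993a8f113c3948d4a&quot;</ETag><Size>66032</Size><StorageClass>STANDARD</StorageClass></Contents>
<Contents><Key>photo-3.jpg</Key><LastModified>2020-07-13T09:28:18.000Z</LastModified><ETag>&quot;fbfb9f15f4cab25264e51d3912f69b1d&quot;</ETag><Size>8853</Size><StorageClass>STANDARD</StorageClass></Contents>
</ListBucketResult>"""

# Constructed: what S3 returns when ListBucket is not granted to the anonymous caller.
SAMPLE_DENIED_BODY = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
                      b"<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>")


@dataclass
class ListingResult:
    listable: bool                      # True when the anonymous listing succeeded
    verdict: str                        # one-line classification for a report
    bucket: Optional[str] = None
    region: Optional[str] = None
    keys: List[Tuple[str, int]] = field(default_factory=list)  # (key, size in bytes)


def classify_listing_response(status: int, body: bytes,
                              headers: Optional[Dict[str, str]] = None) -> ListingResult:
    """Turn the raw status/body/headers of GET /?list-type=2 into a finding."""
    hdrs = {k.lower(): v for k, v in (headers or {}).items()}
    region = hdrs.get("x-amz-bucket-region")
    try:
        root = ET.fromstring(body)
    except ET.ParseError:  # empty or non-XML body
        root = None

    if status == 200 and root is not None and root.tag == S3_NS + "ListBucketResult":
        keys = [(c.findtext(S3_NS + "Key") or "", int(c.findtext(S3_NS + "Size") or 0))
                for c in root.findall(S3_NS + "Contents")]
        truncated = (root.findtext(S3_NS + "IsTruncated") or "").lower() == "true"
        verdict = "open listing: anonymous ListBucket returned %d key(s)%s" % (
            len(keys), " (truncated, more pages follow)" if truncated else "")
        return ListingResult(True, verdict, root.findtext(S3_NS + "Name"), region, keys)

    # S3 error bodies are an un-namespaced <Error><Code>...</Code></Error> document.
    code = root.findtext("Code") if root is not None and root.tag == "Error" else None
    if status == 403:
        return ListingResult(False, "listing denied (%s): bucket exists but ListBucket "
                             "is not public" % (code or "403"), region=region)
    if status == 404:
        return ListingResult(False, "no such bucket (%s)" % (code or "404"), region=region)
    if status in (301, 307):
        return ListingResult(False, "redirected: bucket is in another region, retry "
                             "against its regional endpoint", region=region)
    return ListingResult(False, "unexpected response: HTTP %d%s"
                         % (status, " / " + code if code else ""), region=region)


def total_exposed_bytes(result: ListingResult) -> int:
    """Size of everything the listing revealed, useful for sizing the impact."""
    return sum(size for _, size in result.keys)


def probe_bucket(bucket: str, timeout: float = 10.0) -> ListingResult:
    """Send the same anonymous ListObjectsV2 request the scanner sent (needs network).

    No cookies or credentials are attached on purpose: S3 does not use browser
    cookies, and the question is what an unauthenticated client is shown."""
    url = "https://%s.s3.amazonaws.com/?list-type=2" % bucket
    req = urllib.request.Request(url, headers={"Accept-Encoding": "identity"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_listing_response(resp.status, resp.read(), dict(resp.headers))
    except urllib.error.HTTPError as err:  # 403/404/301 arrive as HTTPError
        return classify_listing_response(err.code, err.read(), dict(err.headers))


if __name__ == "__main__":
    open_result = classify_listing_response(
        200, SAMPLE_OPEN_BODY, {"x-amz-bucket-region": "us-east-1"})
    print(open_result.verdict, "in", open_result.region, "/", total_exposed_bytes(open_result), "bytes")
    for key, size in open_result.keys:
        print("  %8d  %s" % (size, key))
    print(classify_listing_response(403, SAMPLE_DENIED_BODY).verdict)
```

Run it offline as shown to see the seven keys from this issue classified as an open listing; replace the sample with probe_bucket("your-bucket") to re-check a bucket after remediation, where the expected outcome is a 403 verdict.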
