SecurityWeek reports that updates have been released by Amazon Web Services to address a vulnerability in AWS Trusted Advisor that could be exploited to hinder proper signaling of unsecured S3 buckets.
Malicious actors could harness the issue by denying 's3:GetBucketAcl', 's3:GetPublicAccessBlock', or 's3:GetBucketPolicyStatus' actions within AWS S3 bucket policies, according to Fog Security researchers, who first identified the issue within AWS Trusted Advisor. Undetected data theft could also be facilitated by the configuration of a bucket containing anonymous and public permissions. Organizations have been urged by AWS to ensure their S3 bucket permissions' adherence to security requirements. "When S3 bucket policies prevent Trusted Advisor from performing certain actions [], customers should expect to see a 'Warn' status in their Trusted Advisor check. Previously, these buckets were incorrectly listed as ignored and potentially displayed incorrect status indicators for public access settings," said an AWS spokesperson.
Malicious actors could harness the issue by denying 's3:GetBucketAcl', 's3:GetPublicAccessBlock', or 's3:GetBucketPolicyStatus' actions within AWS S3 bucket policies, according to Fog Security researchers, who first identified the issue within AWS Trusted Advisor. Undetected data theft could also be facilitated by the configuration of a bucket containing anonymous and public permissions. Organizations have been urged by AWS to ensure their S3 bucket permissions' adherence to security requirements. "When S3 bucket policies prevent Trusted Advisor from performing certain actions [], customers should expect to see a 'Warn' status in their Trusted Advisor check. Previously, these buckets were incorrectly listed as ignored and potentially displayed incorrect status indicators for public access settings," said an AWS spokesperson.
