all InfoSec news
Reported GuardDuty Finding Issue
Latest Bulletins aws.amazon.com
Initial Publication Date: 05/18/2023 10:00AM EST
A security researcher recently reported an issue in Amazon GuardDuty in which a change to the policy of an S3 bucket not protected by Block Public Access (BPA) could be carried out to grant public access to the bucket without triggering a GuardDuty alert. This specific issue would occur if the S3 bucket policy was updated within a single new policy that included both an "Allow" for "Principal::"*" or "Principal":"AWS":"*" in one statement (making …
access alert amazon amazon guardduty block change grant guardduty issue policy public researcher s3 bucket security security researcher