SYM_CONF_0162 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-284: Improper Access Control |
OWASP | A05:2017 - Broken Access Control |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
The storage bucket is missing 'uniform_bucket_level_access', which means access permissions can be set at both the bucket and individual object levels. This can lead to inconsistent access controls and unintentional data exposure.
Impact
Without uniform bucket-level access, users may bypass centralized permission management, increasing the risk of unauthorized access or data leaks. Attackers, or users whose permissions are misconfigured, might gain access to sensitive files that should not be publicly available, potentially leading to data breaches or compliance violations.
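The finding and its fix side by side in Terraform, as an added example that is not taken from the Symbiotic database or any scanned project. Bucket names, the object, the location and the group address are constructed placeholders.

```hcl
# Added example. All names and addresses below are placeholders.

# Flagged: uniform_bucket_level_access is absent, and the provider
# default is false, so object ACLs are honoured alongside bucket IAM.
resource "google_storage_bucket" "reports_legacy" {
  name     = "example-reports-legacy"
  location = "EU"
}

resource "google_storage_bucket_object" "q1" {
  name    = "finance/q1.csv"
  bucket  = google_storage_bucket.reports_legacy.name
  content = "constructed sample data"
}

# This grant lives on the object itself. A review of the bucket's IAM
# policy never shows it, which is the inconsistency the rule describes.
resource "google_storage_object_acl" "q1_acl" {
  bucket      = google_storage_bucket.reports_legacy.name
  object      = google_storage_bucket_object.q1.name
  role_entity = ["READER:allUsers"]
}

# Corrected: a single access model, enforced at the bucket.
resource "google_storage_bucket" "reports" {
  name     = "example-reports"
  location = "EU"

  uniform_bucket_level_access = true
}

# Read access is granted once, through IAM, to a named group.
resource "google_storage_bucket_iam_member" "reports_viewers" {
  bucket = google_storage_bucket.reports.name
  role   = "roles/storage.objectViewer"
  member = "group:finance-readers@example.com"
}
```

Once `uniform_bucket_level_access = true` is applied, Cloud Storage rejects object ACL operations on that bucket, so resources such as `google_storage_object_acl` have to be removed or replaced with IAM bindings in the same change.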