SYM_CONF_0300 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Key Management Errors
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-320: CWE CATEGORY: Key Management Errors |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
S3 bucket objects are being created without specifying a customer-managed KMS key for encryption. This means data at rest may not be fully protected or controlled by your organization.
Impact
Without customer-managed KMS encryption, sensitive data stored in S3 relies on AWS default encryption and could be more easily accessed if those defaults are compromised. The organization also has less control over key usage, access, and rotation, which increases the risk of unauthorized data exposure.
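
The flagged pattern beside its corrected form, as an added example that is not part of the original wiki page or the rule's own test cases. It assumes the objects are declared with Terraform's AWS provider (the page does not name a tool); the bucket, object key, file path and resource names are hypothetical.

```hcl
# Assumption: Terraform AWS provider. All names below are hypothetical.

resource "aws_s3_bucket" "reports" {
  bucket = "example-reports-bucket"
}

# Flagged: no kms_key_id, so the object is encrypted with whatever default
# applies to the bucket rather than a key the organization controls.
resource "aws_s3_object" "report_default" {
  bucket = aws_s3_bucket.reports.id
  key    = "reports/default-encrypted.csv"
  source = "files/report.csv"
}

# Customer-managed key: the organization owns its key policy and rotation.
resource "aws_kms_key" "reports" {
  description             = "Customer-managed key for report objects"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

# Corrected: the object names the customer-managed key explicitly.
# The aws_kms_key "arn" attribute is the value kms_key_id expects.
resource "aws_s3_object" "report_cmk" {
  bucket                 = aws_s3_bucket.reports.id
  key                    = "reports/cmk-encrypted.csv"
  source                 = "files/report.csv"
  server_side_encryption = "aws:kms"
  kms_key_id             = aws_kms_key.reports.arn
}
```

Readers of the object then also need `kms:Decrypt` on this key, so access is governed by the key policy in addition to the bucket policy.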