TF 0152 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
The S3 Bucket backing Cloudtrail should be private
Property | Value |
---|---|
Language | |
Severity | |
Service | cloudtrail |
Provider | AWS |
Vulnerability Type | omission |
Description
The S3 bucket used to store AWS CloudTrail logs is configured with public access, allowing anyone to view sensitive log data. This exposes detailed records of all API activity within the AWS account.
Impact
Public exposure of CloudTrail logs can reveal sensitive operational details, user activity, and configuration information, enabling attackers to identify vulnerabilities or plan targeted attacks against the AWS environment.
Resolution
Restrict public access to the S3 bucket
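As an added illustration, not code from this database entry, the following Terraform shows the weak configuration the rule describes beside a corrected one. Bucket and trail names are constructed placeholders, and the corrected bucket leaves S3 ACLs disabled (the default for new buckets) and relies on the public access block plus a policy scoped to the CloudTrail service principal:

```hcl
# Weak: a public-read ACL makes every CloudTrail log object readable by anyone.
resource "aws_s3_bucket" "trail_logs_weak" {
  bucket = "example-cloudtrail-logs-weak" # constructed placeholder name
}
resource "aws_s3_bucket_acl" "trail_logs_weak" {
  bucket = aws_s3_bucket.trail_logs_weak.id
  acl    = "public-read"
}

# Corrected: all four public-access blocks on, no ACL grants, and a bucket policy
# that lets only the CloudTrail service principal check the ACL and write logs.
resource "aws_s3_bucket" "trail_logs" {
  bucket = "example-cloudtrail-logs" # constructed placeholder name
}
resource "aws_s3_bucket_public_access_block" "trail_logs" {
  bucket                  = aws_s3_bucket.trail_logs.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
data "aws_caller_identity" "current" {}
resource "aws_s3_bucket_policy" "trail_logs" {
  bucket = aws_s3_bucket.trail_logs.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "AWSCloudTrailAclCheck"
      Effect    = "Allow"
      Principal = { Service = "cloudtrail.amazonaws.com" }
      Action    = "s3:GetBucketAcl"
      Resource  = aws_s3_bucket.trail_logs.arn
    }, {
      Sid       = "AWSCloudTrailWrite"
      Effect    = "Allow"
      Principal = { Service = "cloudtrail.amazonaws.com" }
      Action    = "s3:PutObject"
      # CloudTrail writes under AWSLogs/<account-id>/; objects must be owned by the bucket owner.
      Resource  = "${aws_s3_bucket.trail_logs.arn}/AWSLogs/${data.aws_caller_identity.current.account_id}/*"
      Condition = { StringEquals = { "s3:x-amz-acl" = "bucket-owner-full-control" } }
    }]
  })
}
resource "aws_cloudtrail" "main" {
  name           = "example-trail" # constructed placeholder name
  s3_bucket_name = aws_s3_bucket.trail_logs.id
  depends_on     = [aws_s3_bucket_policy.trail_logs] # policy must exist before the trail is created
}
```

With the public access block in place, a later attempt to attach a public ACL or a `Principal = "*"` policy to the log bucket is rejected by S3 rather than silently exposing the trail.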