Aws-cdk
Security
awscdk-bucket-grantpublicaccessmethod
Using the GrantPublicAccess method on bucket construct $X will make the objects in the bucket world-accessible. Verify that this is intentional.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-306: Missing Authentication for Critical Function
OWASP:
- A07:2021 - Identification and Authentication Failures
awscdk-codebuild-project-public
CodeBuild Project $X is set to have a public URL. This will make the build results, logs, and artifacts publicly accessible, including builds prior to the project being public. Ensure this is acceptable for the project.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-306: Missing Authentication for Critical Function
OWASP:
- A07:2021 - Identification and Authentication Failures