Writable RubyCi Amazon s3 bucket
High
R
Ruby
Submitted None
Actions:
Reported by
dataalchemist
Vulnerability Details
Technical details and impact analysis
Hello, I have discovered that the bucket:
http://rubyci.s3.amazonaws.com/
is able to be written to by authenticated aws users. This is due to the current permissions configurations
I have added a file here:
http://rubyci.s3.amazonaws.com/test.html
for proof of concept. This can be potentially dangerous to your users and website, as any of the web content in this bucket may be replaced with malicious files.
More info about these permissions can be found here: http://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$500.00
Submitted
Weakness
Improper Authentication - Generic