Reported GuardDuty Findings Issue [2023-05]
[AWS Amazon] Announcement reference
Reported GuardDuty Findings Issue (AWS-2023-002)
Initial Publication Date: 05/18/2023 10:00AM EST
A security researcher recently reported an issue in Amazon GuardDuty in which a change to the policy of an S3 bucket not protected by Block Public Access (BPA) could be carried out to grant public access to the bucket without triggering a GuardDuty alert. This specific issue would occur if the S3 bucket policy was updated within a single new policy that included both an "Allow" for "Principal":"*" or "Principal":{"AWS":"*"} in one statement (making the bucket public) and also a "Deny" for "Action":"s3:GetBucketPublicAccessBlock" in another, which altered all callers' ability (including GuardDuty) to check the bucket configuration. Customers who use the recommended BPA feature would not have been impacted by this issue, because the required previous step of disabling BPA would have triggered a different GuardDuty alert.
While the previous GuardDuty detection criteria and limitations were publicly documented here, we agreed with the researcher's recommendation to alter this behavior and, as of April 28, 2023, have implemented a change to still provide a GuardDuty alert in this case.
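The bulletin describes a specific bucket-policy shape: a public "Allow" statement combined, in the same new policy, with a "Deny" on s3:GetBucketPublicAccessBlock. The following policy linter, added here as an illustration (it is not AWS's, GuardDuty's, or Gem Security's code), flags that combination in a bucket policy document and also checks whether a bucket's PublicAccessBlock configuration has all four BPA settings enabled, which is the mitigation the bulletin recommends. The sample policies are constructed; the function and variable names are this example's own, and the statement matching is a simplification (it ignores NotAction, NotPrincipal and Condition).

```python
"""Linter for the S3 bucket-policy pattern described in AWS-2023-002.

Added example, not code from the bulletin or from AWS. Sample inputs are
constructed for illustration. Assumption: plain Allow/Deny statements with
Action and Principal keys; NotAction/NotPrincipal/Condition are not evaluated.
"""
import json
from fnmatch import fnmatchcase

# Constructed sample: one new policy that both opens the bucket to everyone
# and denies every caller the ability to read the bucket's BPA configuration.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "HideConfig", "Effect": "Deny", "Principal": "*",
         "Action": "s3:GetBucketPublicAccessBlock",
         "Resource": "arn:aws:s3:::example-bucket"},
    ],
})

# Constructed sample: grants access to one account only, no config hiding.
BENIGN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}

# The four PublicAccessBlockConfiguration settings of S3 Block Public Access.
REQUIRED_BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
                      "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_public_principal(principal):
    """True for "Principal": "*" or "Principal": {"AWS": "*"} (also in lists)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def action_matches(action_patterns, action):
    """IAM action matching is case-insensitive and allows '*' and '?' wildcards."""
    target = action.lower()
    return any(fnmatchcase(target, pattern.lower()) for pattern in action_patterns)


def analyze_policy(policy):
    """Return which statements open the bucket publicly, which deny reading the
    BPA configuration, and whether both are present (the AWS-2023-002 pattern)."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    statements = _as_list(policy.get("Statement"))
    public_allow, bpa_read_deny = [], []
    for idx, stmt in enumerate(statements):
        effect = stmt.get("Effect")
        actions = _as_list(stmt.get("Action"))
        if effect == "Allow" and is_public_principal(stmt.get("Principal")):
            public_allow.append(idx)
        if effect == "Deny" and action_matches(actions, "s3:GetBucketPublicAccessBlock"):
            bpa_read_deny.append(idx)
    return {
        "public_allow_statements": public_allow,
        "bpa_read_deny_statements": bpa_read_deny,
        "matches_aws_2023_002_pattern": bool(public_allow and bpa_read_deny),
    }


def bpa_fully_enabled(public_access_block):
    """True only when all four Block Public Access settings are switched on."""
    return all(public_access_block.get(flag) is True for flag in REQUIRED_BPA_FLAGS)


if __name__ == "__main__":
    print(json.dumps(analyze_policy(SAMPLE_POLICY), indent=2))
    print("BPA fully enabled:", bpa_fully_enabled({f: True for f in REQUIRED_BPA_FLAGS}))
```

Run on a policy document (for example the JSON returned by the GetBucketPolicy API) before it is applied, or over an inventory of existing policies; a result with `matches_aws_2023_002_pattern` set is the combination the bulletin describes, and `bpa_fully_enabled` returning False on a bucket's PublicAccessBlock configuration means the bucket is outside the recommended BPA protection.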
We would like to thank Gem Security for responsibly disclosing this issue and working with us on its resolution.
We would like to thank the researchers at MWR Cybersec for discovering this issue and responsibly reporting it to AWS. Security-related questions or concerns can be submitted via aws-security@amazon.com.
Source: AWS Amazon (link)