SiteShadow
Back to vulnerability library
Detected byPro-tier static analysisPro

CLOUD01 Insecure Cloud Storage ACLs

What this means

SiteShadow flagged cloud storage configuration that appears to allow broader access than intended (public buckets/blobs, permissive ACLs, or overly broad IAM policies).

Why it matters

Public buckets frequently expose sensitive data and backups.

Safer examples

1) Make private the default

Disable public access by default and require explicit, reviewed exceptions.

2) Use least-privilege IAM policies

3) Separate public assets from private data

If you have a public bucket for static assets, keep it completely separate from backups/exports/uploads.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.