Posture
critical: 1
high: 5
medium: 4
low: 7
Ownership
Findings (20)
| Severity | Finding | Scanner | Type | Status | Score |
|---|---|---|---|---|---|
| info | IAM role with wildcard permissions | Snyk | SCA | triaged | 8.9 |
| low | IAM role with wildcard permissions | Grype | Container | open | 5.9 |
| info | SSRF in webhook fetcher | SonarQube | SAST | open | 7.4 |
| high | S3 bucket publicly readable | Grype | Container | accepted | 4.4 |
| low | Race condition in payment idempotency | SonarQube | SAST | false positive | 4.2 |
| info | Race condition in payment idempotency | Checkmarx | SAST | triaged | 9.1 |
| low | S3 bucket publicly readable | OWASP ZAP | DAST | open | 7.6 |
| medium | Outdated lodash with prototype pollution | OWASP ZAP | DAST | open | 8 |
| high | Missing rate limiting on /login | OWASP ZAP | DAST | false positive | 8.7 |
| low | Open Redis without auth | Wiz | CSPM | open | 4.5 |
| high | Excessive Kubernetes RBAC privileges | Burp Suite | DAST | open | 6.5 |
| critical | Unencrypted RDS snapshot | OWASP ZAP | DAST | accepted | 8.1 |
| medium | Cross-site Scripting in profile renderer | Burp Suite | DAST | accepted | 6.5 |
| medium | IAM role with wildcard permissions | Wiz | CSPM | open | 7.5 |
| high | IAM role with wildcard permissions | Gitleaks | Secrets | open | 8 |
| low | IAM role with wildcard permissions | Prowler | CSPM | open | 7.6 |
| low | Dependency confusion risk on internal package | Contrast RASP | RASP | open | 6.5 |