Internet-exposed
Posture
critical: 2
high: 1
medium: 9
low: 3
Ownership
Findings (16)
medium | Hardcoded AWS access key in source | Burp Suite (DAST) | accepted | 4.9
low | Terraform module pins old AMI with CVEs | TruffleHog (Secrets) | false positive | 8.8
medium | JWT signed with weak HS256 secret | Snyk (SCA) | triaged | 4.7
medium | Path traversal in file download endpoint | Burp Suite (DAST) | open | 4.3
info | Log4Shell vulnerable dependency | Checkov (IaC) | triaged | 5.3
medium | SSRF in webhook fetcher | Grype (Container) | accepted | 7.4
critical | Missing CSP header on auth pages | Cloudflare WAF (WAF) | triaged | 8.5
medium | Insecure deserialization in message queue consumer | TruffleHog (Secrets) | open | 4.3
low | Path traversal in file download endpoint | Dependabot (SCA) | triaged | 4.5
medium | Unencrypted RDS snapshot | Checkmarx (SAST) | triaged | 7.7
medium | Missing rate limiting on /login | Grype (Container) | triaged | 9.8
critical | S3 bucket publicly readable | Burp Suite (DAST) | open | 7.5
high | Container running as root | Cloudflare WAF (WAF) | open | 5.8
medium | Open Redis without auth | OWASP ZAP (DAST) | triaged | 9.4