H3-2022-0089¶

Public Access to Amazon EBS Snapshot

Description¶

An Amazon EBS Snapshot in your AWS account is publicly accessible, either to everyone or to any authenticated (cross-account) AWS user.

Impact¶

Attackers may be able to access sensitive data in the EBS snapshot such as browser history and stored passwords

References¶

• AWS Best Practice - Prevent EBS Public Snapshots