CVE-2026-42882
oxyno-zeta · s3-proxy
The oxyno-zeta s3-proxy contains an authentication bypass vulnerability due to inconsistent path interpretation, allowing unauthorized S3 operations.
Executive summary
An unauthenticated attacker can perform unauthorized read, write, or delete operations on protected S3 buckets by exploiting a path-based authentication bypass in s3-proxy.
Vulnerability
This is an authentication bypass vulnerability caused by a mismatch between how the authentication middleware and the bucket handler resolve URL paths. An unauthenticated attacker can use path traversal or encoded characters to access restricted S3 namespaces.
Business impact
This flaw allows for unauthorized data modification or exfiltration from S3 storage, directly threatening data integrity and confidentiality. Given the 9.4 CVSS score, this is a major security failure that could lead to the total exposure of sensitive object storage.
Remediation
Immediate Action: Upgrade to s3-proxy version 5.0.0 or later.
Proactive Monitoring: Review S3 access logs for unexpected access requests or operations performed on sensitive buckets from unauthorized sources.
Compensating Controls: Implement bucket-level policies and IAM restrictions that limit the IP addresses or roles authorized to access the storage backend.
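The defect class described above, a middleware that matches the raw request path while the bucket handler resolves it differently, is best countered by canonicalizing once and making every layer consume that one form. The Go program below is an added illustration written for this advisory; it is not s3-proxy's code and does not reproduce its internals. The protected prefix, the sample paths and the flagForReview heuristic (which supports the log-review step above) are constructed assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
	"strings"
)

// Constructed sample policy: prefixes that must not be served to
// unauthenticated callers. A real deployment reads this from configuration.
var protectedPrefixes = []string{"/protected"}

// naiveRequiresAuth shows the general failure mode the advisory describes:
// a middleware matching the raw path while a later layer resolves the same
// path differently. It exists only to contrast with the hardened version.
func naiveRequiresAuth(rawPath string) bool {
	for _, p := range protectedPrefixes {
		if strings.HasPrefix(rawPath, p+"/") {
			return true
		}
	}
	return false
}

// canonicalize produces the one path form every layer must agree on:
// percent-decoded exactly once, absolute, cleaned, with traversal segments
// and double encoding rejected outright rather than silently resolved.
func canonicalize(rawPath string) (string, error) {
	decoded, err := url.PathUnescape(rawPath)
	if err != nil {
		return "", fmt.Errorf("bad escape: %w", err)
	}
	// If a second decoding pass changes the string, the input was double-encoded.
	if again, err := url.PathUnescape(decoded); err == nil && again != decoded {
		return "", errors.New("double-encoded path rejected")
	}
	if strings.ContainsAny(decoded, "\\\x00") {
		return "", errors.New("backslash or NUL in path rejected")
	}
	for _, seg := range strings.Split(decoded, "/") {
		if seg == ".." {
			return "", errors.New("traversal segment rejected")
		}
	}
	if !strings.HasPrefix(decoded, "/") {
		decoded = "/" + decoded
	}
	return path.Clean(decoded), nil
}

// requiresAuth evaluates policy on the canonical path only.
func requiresAuth(canonical string) bool {
	for _, p := range protectedPrefixes {
		if canonical == p || strings.HasPrefix(canonical, p+"/") {
			return true
		}
	}
	return false
}

// authorize is the single decision point: canonicalize first, decide, and
// hand the canonical path (never the raw one) on to the bucket handler.
func authorize(rawPath string, authenticated bool) (string, error) {
	canonical, err := canonicalize(rawPath)
	if err != nil {
		return "", err
	}
	if requiresAuth(canonical) && !authenticated {
		return "", errors.New("unauthorized")
	}
	return canonical, nil
}

// flagForReview supports the log-review step: a logged request path that
// fails canonicalization, or whose canonical form differs from what was sent,
// is exactly where two layers may have disagreed and deserves a look.
func flagForReview(rawPath string) bool {
	canonical, err := canonicalize(rawPath)
	if err != nil {
		return true
	}
	return canonical != rawPath && canonical != strings.TrimSuffix(rawPath, "/")
}

func main() {
	// Constructed sample request paths as they might appear in an access log.
	samples := []string{
		"/public/readme.txt",
		"/public/../protected/secret.txt",
		"/%70rotected/secret.txt",
		"//protected/secret.txt",
	}
	for _, raw := range samples {
		_, err := authorize(raw, false)
		fmt.Printf("%-35s naive=%-5v hardened=%v review=%v\n",
			raw, naiveRequiresAuth(raw), err, flagForReview(raw))
	}
}
```

The design choice worth noting is that canonicalize rejects traversal and double encoding instead of resolving them: a path that needs resolving to be understood is one where a prefix matcher and a handler can disagree, so refusing it removes the ambiguity rather than trying to reconcile it. The same function drives flagForReview, so the monitoring heuristic and the enforcement logic cannot drift apart.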
Exploitation status
Public Exploit Available: false
Analyst recommendation
Administrators should update s3-proxy immediately to version 5.0.0. Furthermore, ensure that the principle of least privilege is applied to all IAM entities interacting with the affected S3 buckets.