S3 Bucket Takeover vulnerability 

### Description
I found an unclaimed s3 bucket was using in [file](https://github.com/navcoin/NavHub/blob/master/content/projects/nav-pi/index.md), I claimed the bucket and uploaded poc.

### Steps to Reproduce:
1. Go to this [link](https://github.com/navcoin/NavHub/blob/master/content/projects/nav-pi/index.md) to check code
2. S3 bucket name: **s3.amazonaws.com/navpi-image** is using in index.md file

<img width="1440" alt="Screenshot 2024-07-07 at 9 41 33 PM" src="https://github.com/navcoin/NavHub/assets/22233431/f2bb2011-b1fe-4bcc-8a6b-064ebe2ba567">

3. Click here for POC: [https://s3.amazonaws.com/navpi-image/index.html](https://s3.amazonaws.com/navpi-image/index.html)

<img width="1440" alt="Screenshot 2024-07-07 at 9 50 16 PM" src="https://github.com/navcoin/NavHub/assets/22233431/c862e0df-f1e2-48e1-8a3f-e3756ed5ae92">


### Fix:

Please remove this S3 bucket from the code or tell me i will delete this bucket from my aws account and claim it.

### Impact:

- Attacker can get navcoin employees private IPs Whenever navcoin developers run this [project](https://github.com/navcoin/NavHub)
- Attacker can host malicious content on this bucket


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

S3 Bucket Takeover vulnerability #287

Description

Steps to Reproduce:

Fix:

Impact:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

S3 Bucket Takeover vulnerability #287

Description

Description

Steps to Reproduce:

Fix:

Impact:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions