The bucket policy allows the world to get, put, list, delete the affected bucket. S3 bucket policies are a type of access control list but are different than S3 ACLs. S3 bucket policies specify what actions are allowed or denied for which principals on the bucket that the bucket policy is attached to. You attach S3 bucket policies at the bucket level, but the permissions specified in the bucket policy apply to all the objects in the bucket.
An S3 Bucket Policy has been added that grants public access to your bucket. Get, put, list, and delete access has been granted to the world on the affected bucket. This allows anyone to get, put, list, and delete your bucket content. You can use bucket policies to grant permissions to individual AWS accounts; however, it is strongly recommended that you do not grant public access to your bucket unless you are absolutely certain. Consider alternative methods to provide public access to your buckets.
Remove the bucket permission that enables the world to get, put, list, and delete the contents of this bucket. See Updating ACL to Remove Public Access to Your Buckets
See Alternatives to Public Access for more information.