SYM_CONF_0139 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Dataproc cluster IAM configuration allows access to 'allUsers' or 'allAuthenticatedUsers', making the cluster publicly accessible to anyone on the internet. This exposes sensitive data and resources to unauthorized parties.
Impact
If exploited, anyone could access, modify, or disrupt Dataproc clusters without authentication, leading to data breaches, unauthorized computation costs, or compromise of organizational assets. Attackers could potentially run arbitrary jobs or steal confidential information.