SYM_CONF_0145 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
This code configures a Google Compute Engine instance to use the default network, which assigns a public IP address to the VM by default. Exposing VMs to the public internet increases the risk of unauthorized access.
Impact
If exploited, attackers could connect directly to the VM from the internet, potentially bypassing internal security controls. This can lead to data breaches, service disruption, or the VM being used as a launch point for further attacks within your cloud environment.
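The check below is an added example, not code from this rule or from the Symbiotic project. It audits instance descriptions for the two conditions the description names: attachment to the default network and an external address on a network interface. It assumes input in the JSON shape of the Compute Engine instance resource, as `gcloud compute instances list --format=json` emits; the project, instance names and address are constructed.

```python
import json

# Constructed sample in the shape of `gcloud compute instances list --format=json`.
SAMPLE = json.loads("""
[
  {"name": "web-1",
   "networkInterfaces": [
     {"network": "https://www.googleapis.com/compute/v1/projects/example-proj/global/networks/default",
      "accessConfigs": [{"name": "External NAT", "type": "ONE_TO_ONE_NAT", "natIP": "203.0.113.10"}]}]},
  {"name": "db-1",
   "networkInterfaces": [
     {"network": "https://www.googleapis.com/compute/v1/projects/example-proj/global/networks/prod-vpc"}]},
  {"name": "batch-1",
   "networkInterfaces": [
     {"network": "https://www.googleapis.com/compute/v1/projects/example-proj/global/networks/default"}]}
]
""")


def audit_instance(instance):
    """Return (nic_index, finding, detail) tuples for one instance description."""
    findings = []
    for idx, nic in enumerate(instance.get("networkInterfaces", [])):
        # The network is a resource URL; its last path segment is the network name.
        network = nic.get("network", "").rsplit("/", 1)[-1]
        if network == "default":
            findings.append((idx, "default-network", network))
        # An access config on the interface is what carries an external IPv4 address.
        for ac in nic.get("accessConfigs", []):
            findings.append((idx, "external-ip", ac.get("natIP", "no address listed")))
        # External IPv6 addresses are listed separately.
        for ac in nic.get("ipv6AccessConfigs", []):
            findings.append((idx, "external-ipv6", ac.get("externalIpv6", "no address listed")))
    return findings


def audit(instances):
    """Map instance name -> findings, leaving out instances with none."""
    report = {}
    for inst in instances:
        found = audit_instance(inst)
        if found:
            report[inst["name"]] = found
    return report


if __name__ == "__main__":
    for name, found in audit(SAMPLE).items():
        for nic, kind, detail in found:
            print(f"{name} nic{nic}: {kind} ({detail})")
```

An instance on the default network without an access config, like the constructed `batch-1`, is still reported, since it sits on the network this rule flags even though it has no external address.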