SYM_CONF_0165 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Google Data Fusion instance is deployed without Stackdriver logging enabled. This means that important logs and audit trails for the instance’s activity are not being recorded.
Impact
Without Stackdriver logging, suspicious or unauthorized actions within the Data Fusion instance may go undetected, making it difficult to investigate security incidents or comply with audit requirements. This can increase the risk of undetected misuse or breaches.