SYM_CONF_0166 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code assigns BigQuery table access to 'allUsers' or 'allAuthenticatedUsers', making the table publicly accessible to anyone on the internet or any authenticated Google user. This exposes sensitive data to unauthorized access.
Impact
If exploited, anyone, including malicious actors, could view or manipulate the data in your BigQuery tables, depending on the role granted to the public principal. This can lead to data leaks, privacy violations, and potential regulatory non-compliance for your organization.