SYM_CONF_0170 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code creates a Google Cloud subnetwork without enabling VPC Flow Logs, which means network traffic within the subnet will not be logged. This lack of logging reduces visibility into what is happening in your network.
Impact
Without VPC Flow Logs, suspicious or unauthorized network activity may go undetected, making it harder to investigate security incidents or respond to potential breaches. This can delay detection of attacks and hinder compliance with auditing requirements.