SYM_CONF_0171 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The configuration grants public access to a Google Cloud Storage bucket by assigning the 'allUsers' member, making the bucket and its contents accessible to anyone on the internet. This exposes data without requiring authentication.
Impact
If exploited, anyone can read, upload, or delete files in the affected storage bucket, leading to potential data leaks, unauthorized modifications, or loss of sensitive or critical information. This could result in privacy breaches, compliance violations, or service disruption.
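The check below is an added example, not code from the Symbiotic database or its rule engine. It audits a bucket IAM policy in the JSON shape that `gcloud storage buckets get-iam-policy` returns, reports which of the read, upload and delete capabilities each public binding exposes, and produces a policy with the public members removed. It goes beyond the page by also flagging `allAuthenticatedUsers`; the sample policy, account names and function names are constructed for illustration.

```python
import json

# The page names 'allUsers'; 'allAuthenticatedUsers' (any Google account) is added here.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Predefined Cloud Storage roles mapped to what a public grant of that role allows.
ROLE_CAPABILITIES = {
    "roles/storage.objectViewer": {"read", "list"},
    "roles/storage.objectCreator": {"upload"},
    "roles/storage.objectAdmin": {"read", "list", "upload", "delete"},
    "roles/storage.admin": {"read", "list", "upload", "delete", "set-iam"},
}

# Constructed sample policy (not taken from the page).
SAMPLE_POLICY = json.loads("""
{"version": 1, "bindings": [
  {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
  {"role": "roles/storage.objectAdmin",
   "members": ["serviceAccount:app@example-project.iam.gserviceaccount.com", "allUsers"]},
  {"role": "roles/storage.admin", "members": ["user:admin@example.com"]}
]}
""")


def find_public_bindings(policy):
    """Return one finding per binding that includes a public member."""
    findings = []
    for binding in policy.get("bindings", []):
        public = sorted(PUBLIC_MEMBERS.intersection(binding.get("members", [])))
        if not public:
            continue
        role = binding.get("role", "")
        findings.append({
            "role": role,
            "members": public,
            # Custom or unlisted roles are reported as 'unknown' for manual review.
            "capabilities": sorted(ROLE_CAPABILITIES.get(role, {"unknown"})),
        })
    return findings


def strip_public_members(policy):
    """Return a copy of the policy without public members or emptied bindings."""
    kept = []
    for binding in policy.get("bindings", []):
        members = [m for m in binding.get("members", []) if m not in PUBLIC_MEMBERS]
        if members:
            kept.append({**binding, "members": members})
    return {**policy, "bindings": kept}
```

A binding that mixes a service account with `allUsers` keeps the service account after remediation, while a binding that held only public members is dropped entirely.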