SYM_CONF_0176 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
When creating a new Google Cloud project in Terraform, not setting 'auto_create_network' to false causes a default network to be automatically created. This default network is overly permissive and may expose project resources to unnecessary risks.
Impact
If the default network is created, it often includes broad firewall rules that allow unrestricted internal communication and external access. Attackers could exploit these open configurations to move laterally within the network or access sensitive services, increasing the risk of unauthorized access or data breaches.