SYM_CONF_0183 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The firewall rule allows incoming HTTP (port 80) traffic from any IP address (0.0.0.0/0), exposing your Google Cloud resources to the public internet. This configuration lacks proper access restrictions and makes your services open to everyone.
Impact
An attacker could access exposed HTTP services, potentially leading to unauthorized data exposure, service misuse, or exploitation of application vulnerabilities. Unrestricted public access increases the risk of attacks such as brute-force attempts, data breaches, or denial-of-service, which could compromise your organization's security and operations.
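The condition in the Description can be checked mechanically. The following is an added example, not part of the original rule entry or the project's own detection code; it runs over constructed rules shaped like Compute Engine firewall resources (the JSON from `gcloud compute firewall-rules list --format=json`). The rule names and the function `open_http_rules` are assumptions, and the check goes slightly beyond the single case above by also catching port ranges that include 80 and rules that list no ports.

```python
# Constructed sample rules (names are made up), using the field names of the
# Compute Engine firewall resource: direction, sourceRanges, allowed, disabled.
SAMPLE_RULES = [
    {"name": "allow-http-world", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
    {"name": "allow-http-office", "direction": "INGRESS",
     "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
    {"name": "allow-range-world", "direction": "INGRESS",
     "sourceRanges": ["10.0.0.0/8", "0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22", "8-1024"]}]},
    {"name": "allow-all-tcp-world", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp"}]},
    {"name": "disabled-http-world", "direction": "INGRESS", "disabled": True,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
    {"name": "egress-http", "direction": "EGRESS",
     "destinationRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
]

def _covers_port(allow, port):
    """True if one `allowed` entry admits TCP traffic to `port`."""
    if allow.get("IPProtocol", "").lower() not in ("tcp", "6", "all"):
        return False
    ports = allow.get("ports")
    if not ports:  # no ports listed means every port of that protocol
        return True
    ranges = (spec.partition("-") for spec in ports)  # "80" or "8-1024"
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def open_http_rules(rules, port=80):
    """Names of enabled ingress rules that admit `port` from 0.0.0.0/0."""
    hits = []
    for rule in rules:
        # Disabled rules are not enforced; direction defaults to INGRESS.
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        world = "0.0.0.0/0" in rule.get("sourceRanges", [])
        if world and any(_covers_port(a, port) for a in rule.get("allowed", [])):
            hits.append(rule["name"])
    return hits
```

Rules it reports are candidates for narrowing `sourceRanges` to known client networks or for placing the service behind a load balancer that terminates public traffic.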