SYM_CONF_0184 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Insufficient Logging
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-778: Insufficient Logging |
| OWASP | A10:2017 - Insufficient Logging & Monitoring |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Google Cloud Storage bucket is created without enabling access logging. This means actions like reading, writing, or modifying data in the bucket are not being recorded.
Impact
Without access logs, it becomes difficult to detect unauthorized access, investigate security incidents, or audit data usage. Attackers or malicious insiders could access or alter sensitive data without leaving a trace, increasing the risk of data breaches and compliance violations.