SYM_CONF_0187 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Key Management Errors
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-320: CWE CATEGORY: Key Management Errors |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
The BigQuery dataset resource is missing a customer-managed encryption key (CMK) configuration, so its data is not encrypted with keys you control. The dataset relies solely on default Google-managed encryption, which reduces your control over data security.
Impact
Without a customer-managed key, you lose granular control over data access and key rotation. If Google’s default keys are compromised or subpoenaed, sensitive data could be exposed without your ability to revoke access or audit key usage.
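The flagged configuration next to a corrected one, as an added example that is not part of the original rule page. It assumes the dataset is defined in Terraform with the Google provider; the resource names, dataset IDs and location are constructed.

```hcl
# Flagged: no default_encryption_configuration block, so tables in this
# dataset are encrypted with Google-managed keys only.
resource "google_bigquery_dataset" "flagged" {
  dataset_id = "analytics_raw" # constructed name
  location   = "europe-west1"
}

# Corrected: a key ring and key you own, in the same location as the dataset.
resource "google_kms_key_ring" "bq" {
  name     = "bq-keyring" # constructed name
  location = "europe-west1"
}

resource "google_kms_crypto_key" "bq" {
  name            = "bq-dataset-key" # constructed name
  key_ring        = google_kms_key_ring.bq.id
  rotation_period = "7776000s" # rotate every 90 days

  lifecycle {
    prevent_destroy = true # destroying the key makes the data unreadable
  }
}

# BigQuery's own service account must be allowed to use the key.
# Removing this binding later is how access to the data is revoked.
data "google_bigquery_default_service_account" "bq" {}

resource "google_kms_crypto_key_iam_member" "bq_use_key" {
  crypto_key_id = google_kms_crypto_key.bq.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:${data.google_bigquery_default_service_account.bq.email}"
}

resource "google_bigquery_dataset" "corrected" {
  dataset_id = "analytics_raw_cmk" # constructed name
  location   = "europe-west1"

  default_encryption_configuration {
    kms_key_name = google_kms_crypto_key.bq.id
  }

  # The IAM grant has to exist before BigQuery first uses the key.
  depends_on = [google_kms_crypto_key_iam_member.bq_use_key]
}
```

`default_encryption_configuration` sets the default key for tables created after it is applied; tables that already exist keep the encryption they were created with.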