SYM_CONF_0197 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Key Management Errors
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Bigtable instance is not configured to use a customer-managed encryption key (CMEK) for data encryption. This means your data relies solely on Google-managed keys, reducing your control over encryption and key management.
Impact
If not encrypted with a customer-managed key, sensitive data stored in Bigtable could be less protected against unauthorized access or regulatory non-compliance. An attacker or unauthorized third party with sufficient access could potentially obtain unencrypted data, and you lose the ability to rotate or revoke encryption keys if needed.
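
The following check is an added example, not the rule's own implementation: it flags Bigtable clusters without a CMEK in a Terraform plan before deployment. It assumes the instance is managed with the Terraform `google_bigtable_instance` resource, where the key is set per cluster through `kms_key_name`; the plan data, resource names and key path are constructed placeholders.

```python
# Constructed sample shaped like the "resource_changes" section of
# `terraform show -json <planfile>`; names and key paths are placeholders.
KEY = ("projects/example-project/locations/us-central1/"
       "keyRings/example-ring/cryptoKeys/example-key")
SAMPLE_PLAN = {"resource_changes": [
    {"address": "google_bigtable_instance.default_keys",
     "type": "google_bigtable_instance",
     "change": {"after": {"cluster": [{"cluster_id": "c1", "kms_key_name": None}]},
                "after_unknown": {"cluster": [{}]}}},
    {"address": "google_bigtable_instance.cmek",
     "type": "google_bigtable_instance",
     "change": {"after": {"cluster": [{"cluster_id": "c1", "kms_key_name": KEY}]},
                "after_unknown": {"cluster": [{}]}}},
    {"address": "google_bigtable_instance.cmek_computed",
     "type": "google_bigtable_instance",
     "change": {"after": {"cluster": [{"cluster_id": "c1"}]},
                "after_unknown": {"cluster": [{"kms_key_name": True}]}}},
    {"address": "google_bigtable_instance.retired",
     "type": "google_bigtable_instance",
     "change": {"after": None, "after_unknown": {}}},
]}


def clusters_without_cmek(plan):
    """Return 'address/cluster_id' for each Bigtable cluster with no CMEK set."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_bigtable_instance":
            continue
        change = rc.get("change") or {}
        after = change.get("after") or {}            # None when being destroyed
        clusters = after.get("cluster") or []
        unknown = (change.get("after_unknown") or {}).get("cluster")
        if not isinstance(unknown, list):            # whole list may be `true`
            unknown = []
        for i, cluster in enumerate(clusters):
            # A key taken from a KMS resource created in the same plan is
            # omitted from "after" and marked true in "after_unknown";
            # count it as configured rather than reporting a false positive.
            pending = (i < len(unknown) and isinstance(unknown[i], dict)
                       and unknown[i].get("kms_key_name") is True)
            if not cluster.get("kms_key_name") and not pending:
                findings.append(f'{rc["address"]}/{cluster.get("cluster_id")}')
    return findings


if __name__ == "__main__":
    for finding in clusters_without_cmek(SAMPLE_PLAN):
        print("no customer-managed key:", finding)
```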