SYM_CONF_0199 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-284: Improper Access Control |
OWASP | A05:2017 - Broken Access Control |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
The Dataproc cluster is configured without restricting network access to internal IPs only, allowing it to receive a public IP address. This exposes the cluster to the public internet, increasing the risk of unauthorized access.
Impact
If exploited, attackers could connect to the cluster over the internet, potentially gaining access to sensitive data or control over workloads running on the cluster. This exposure could lead to data breaches, service disruption, or unauthorized use of cloud resources.
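One way to detect the misconfiguration described above is to audit cluster descriptions for the Dataproc API field `config.gceClusterConfig.internalIpOnly`. This is an added example, not code from the Symbiotic database or rule. The sample data is constructed in the shape of `gcloud dataproc clusters list --format=json` output, the function names are hypothetical, and treating an unset field as a finding is an assumption of this example.

```python
import json

# Constructed sample in the shape of `gcloud dataproc clusters list --format=json`.
SAMPLE_CLUSTERS = json.loads("""
[
  {"projectId": "example-project", "clusterName": "etl-public",
   "config": {"gceClusterConfig": {"zoneUri": "us-central1-a"}}},
  {"projectId": "example-project", "clusterName": "etl-explicit-false",
   "config": {"gceClusterConfig": {"internalIpOnly": false}}},
  {"projectId": "example-project", "clusterName": "etl-private",
   "config": {"gceClusterConfig": {"internalIpOnly": true,
                                   "subnetworkUri": "private-subnet"}}},
  {"projectId": "example-project", "clusterName": "etl-string",
   "config": {"gceClusterConfig": {"internalIpOnly": "true"}}}
]
""")


def internal_ip_status(cluster):
    """Return (compliant, reason) for one cluster description (hypothetical helper)."""
    gce = (cluster.get("config") or {}).get("gceClusterConfig")
    if not isinstance(gce, dict):
        return False, "no gceClusterConfig present"
    value = gce.get("internalIpOnly")
    if value is True:
        return True, "internalIpOnly is true"
    if value is None:
        # Assumption: an unset field is reported rather than trusted to a default.
        return False, "internalIpOnly not set"
    # Explicit false, or a non-boolean such as the string "true".
    return False, f"internalIpOnly is {value!r}, expected boolean true"


def audit(clusters):
    """Return one finding per cluster that is not restricted to internal IPs."""
    findings = []
    for cluster in clusters:
        compliant, reason = internal_ip_status(cluster)
        if not compliant:
            findings.append({"project": cluster.get("projectId", "?"),
                             "cluster": cluster.get("clusterName", "?"),
                             "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CLUSTERS):
        print(f"{f['project']}/{f['cluster']}: {f['reason']}")
```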