SYM_CONF_0202 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The configuration creates a Google Vertex AI notebook instance without explicitly disabling public IP access. This means the instance may be accessible from the public internet, increasing the risk of unauthorized access.
Impact
If exploited, an attacker could connect to the instance over the internet, potentially gaining access to sensitive data or code. This exposure increases the risk of data breaches, resource misuse, or further attacks on your cloud infrastructure.