SYM_CONF_0205 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The configuration allows Google Compute Engine instances to be created with public IP addresses, making them directly accessible from the internet. This increases the risk of unauthorized access to your instances.
Impact
If exploited, attackers could connect to these exposed instances, potentially leading to data breaches, service disruption, or further compromise of your cloud environment. Publicly accessible instances are common targets for automated attacks and scanning.