SYM_CONF_0209 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
This configuration grants public or anonymous access to a Google Pub/Sub topic by including `allUsers` or `allAuthenticatedUsers` as a member in the IAM binding. With `allUsers`, anyone on the internet can access the topic; with `allAuthenticatedUsers`, any authenticated Google user can.
Impact
If exploited, unauthorized users could publish or subscribe to messages on your Pub/Sub topic, potentially leading to data leaks, message tampering, spam, or disruption of your messaging workflows. This can compromise sensitive information and the integrity of your cloud infrastructure.