SYM_CONF_0214 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
This configuration grants public or anonymous access to a BigQuery table by assigning 'allUsers' or 'allAuthenticatedUsers' as IAM members. With 'allUsers', anyone on the internet can access the table's data; with 'allAuthenticatedUsers', any Google-authenticated user can.
Impact
If exploited, sensitive data stored in the BigQuery table could be exposed to unauthorized users, leading to data leaks, compliance violations, or misuse of your organization's information. Attackers could read, query, or potentially modify your data without restriction.