SYM_CONF_0215 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The configuration enables a public IP address for a Google Cloud SQL database instance, making the database accessible from the internet. This increases exposure to unauthorized access and potential attacks.
Impact
If exploited, attackers could attempt to connect to the database from anywhere, increasing the risk of data breaches, unauthorized data manipulation, or service disruption. Databases exposed to the public internet are a common target for automated attacks and often face credential brute-forcing.
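
One way to check for this setting, as an added example that is not part of the original rule page or the project's own code: it reads instance resources in the Cloud SQL Admin API shape (`settings.ipConfiguration.ipv4Enabled`, `authorizedNetworks`) and reports every instance with a public IP, marking those whose authorized networks include a `/0` range. The sample instances, their names and networks, and the `audit` / `audit_instance` helpers are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of Cloud SQL Admin API instance resources
# (settings.ipConfiguration). Instance names and networks are made up.
SAMPLE_INSTANCES = [
    {"name": "orders-db", "settings": {"ipConfiguration": {
        "ipv4Enabled": True,
        "authorizedNetworks": [{"name": "any", "value": "0.0.0.0/0"}]}}},
    {"name": "billing-db", "settings": {"ipConfiguration": {
        "ipv4Enabled": True,
        "authorizedNetworks": [{"name": "office", "value": "203.0.113.0/24"}]}}},
    {"name": "internal-db", "settings": {"ipConfiguration": {
        "ipv4Enabled": False,
        "privateNetwork": "projects/example-project/global/networks/example-vpc"}}},
]


def audit_instance(instance):
    """Return a finding dict if the instance has a public IP, else None."""
    ip_cfg = instance.get("settings", {}).get("ipConfiguration", {})
    if not ip_cfg.get("ipv4Enabled", False):
        return None
    networks = []
    for net in ip_cfg.get("authorizedNetworks", []):
        try:
            networks.append(ipaddress.ip_network(net.get("value", ""), strict=False))
        except ValueError:
            continue  # skip a malformed CIDR instead of aborting the audit
    return {
        "instance": instance.get("name", "<unnamed>"),
        "authorized_networks": [str(n) for n in networks],
        # A /0 entry admits every source address on the internet.
        "open_to_all": any(n.prefixlen == 0 for n in networks),
    }


def audit(instances):
    """Return findings for every instance that has a public IP enabled."""
    return [f for f in map(audit_instance, instances) if f is not None]


if __name__ == "__main__":
    for finding in audit(SAMPLE_INSTANCES):
        print(finding)
```
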