SYM_CONF_0219 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
This code allows 'allUsers' or 'allAuthenticatedUsers' to access a Google Cloud Run service, making it publicly or anonymously accessible. Anyone on the internet could reach this service without proper authentication controls.
Impact
If exploited, unauthorized users—including malicious actors—could access, interact with, or abuse the Cloud Run service. This could lead to data leakage, service disruption, or unexpected costs from misuse, potentially compromising sensitive information and the integrity of your application.
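
One way to check for the bindings described above, as an added example that is not part of this wiki entry or the rule's own code: it scans a Cloud Run IAM policy for `allUsers` and `allAuthenticatedUsers` members and builds a copy of the policy without them. The policy JSON is a constructed sample, and the function names, project, service account and group in it are assumptions.

```python
import json

# Special IAM principals: anyone on the internet / any signed-in Google account.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample in the shape printed by
# `gcloud run services get-iam-policy SERVICE --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "bindings": [
    {"role": "roles/run.invoker",
     "members": ["allUsers",
                 "serviceAccount:frontend@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/run.developer", "members": ["group:platform-team@example.com"]},
    {"role": "roles/run.viewer", "members": ["allAuthenticatedUsers"]}
  ]
}
""")


def find_public_bindings(policy):
    """Return (role, member) pairs that grant a role to a public principal."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "<missing role>")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append((role, member))
    return findings


def remove_public_members(policy):
    """Return a copy of the policy without public principals.

    Bindings left with no members are dropped; the input is not modified.
    """
    cleaned = {**policy, "bindings": []}
    for binding in policy.get("bindings", []):
        kept = [m for m in binding.get("members", []) if m not in PUBLIC_MEMBERS]
        if kept:
            cleaned["bindings"].append({**binding, "members": kept})
    return cleaned


if __name__ == "__main__":
    for role, member in find_public_bindings(SAMPLE_POLICY):
        print(f"FINDING: {role} is granted to {member}")
    print(json.dumps(remove_public_members(SAMPLE_POLICY), indent=2))
```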