TF 0198 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Users should not be granted service account access at the organization level

| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | iam |
| Provider | |
| Vulnerability Type | misconfiguration |
## Description

Granting service account access at the organization level lets a user impersonate every service account in every project beneath that organization. Such a broad grant should be narrowed to the specific service accounts a user's role actually requires.
## Impact

If exploited, a user can escalate privileges and act as any service account in the organization, enabling unauthorized access to sensitive resources, data exfiltration, or disruption of services across all projects.
## Resolution

Where a user genuinely needs to act as a service account, grant the role on that individual service account rather than at the organization level.
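The following Terraform is an added illustration, not code from the Symbiotic database or from the rule's own source. It assumes the Google Cloud provider (the description's organization/project vocabulary points to GCP, though the page leaves the Provider field empty); the organization id, project id, account name and user e-mail are placeholders. It shows the weak organization-wide binding that this check describes next to the scoped binding the resolution asks for.

```hcl
# Added example (not from the Symbiotic database or tfsec). Assumes the Google
# Cloud Terraform provider; organization id, project id, account name and user
# e-mail are placeholders.

resource "google_service_account" "deployer" {
  project      = "example-project-id" # placeholder project id
  account_id   = "ci-deployer"
  display_name = "CI deployer"
}

# Weak: roles/iam.serviceAccountUser bound at the organization. The user may act
# as *any* service account in *any* project under the organization, which is the
# misconfiguration this entry describes. Remove this binding.
resource "google_organization_iam_member" "org_wide_sa_user" {
  org_id = "123456789012" # placeholder organization id
  role   = "roles/iam.serviceAccountUser"
  member = "user:alice@example.com"
}

# Corrected: the same role, bound on the one service account the user needs.
# service_account_id takes the full resource name, which the service account's
# "name" attribute provides.
resource "google_service_account_iam_member" "scoped_sa_user" {
  service_account_id = google_service_account.deployer.name
  role               = "roles/iam.serviceAccountUser"
  member             = "user:alice@example.com"
}
```

The same reasoning applies to roles/iam.serviceAccountTokenCreator, which also confers the ability to act as a service account: bind it per service account, never on the organization.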