TF 0305 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Roles should not be assigned to default service accounts
Property | Value |
---|---|
Language | |
Severity | |
Service | iam |
Provider | |
Vulnerability Type | misconfiguration |
Description
Roles are being assigned to default service accounts instead of using dedicated, purpose-specific service accounts. Default service accounts often have broad permissions, increasing the risk of excessive privilege exposure.
Impact
Attackers or unauthorized processes that obtain the use of an overly permissive default service account could gain unnecessary access to resources, violating the principle of least privilege and increasing the risk of data exposure or service manipulation across the GCP environment.
Resolution
Create a specialised service account for each specific purpose and assign roles to that account instead of to a default service account.
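The following Terraform sketch is an added example, not taken from this wiki or from the scanner's own test cases; it shows the misconfiguration beside the corrected form. The project ID, project number, account name and role are constructed placeholders.

```hcl
# Constructed placeholder; substitute your own project ID.
variable "project_id" {
  type    = string
  default = "example-project"
}

# BEFORE (misconfigured): a role is bound to the Compute Engine default
# service account, whose email has the form
# PROJECT_NUMBER-compute@developer.gserviceaccount.com.
# Every workload that runs as the default account inherits this role.
resource "google_project_iam_member" "default_compute_binding" {
  project = var.project_id
  role    = "roles/storage.objectViewer"
  member  = "serviceAccount:123456789012-compute@developer.gserviceaccount.com"
}

# BEFORE (same misconfiguration, less obvious): the default account is
# looked up through a data source instead of being written literally.
data "google_compute_default_service_account" "default" {
  project = var.project_id
}

resource "google_project_iam_member" "default_lookup_binding" {
  project = var.project_id
  role    = "roles/storage.objectViewer"
  member  = "serviceAccount:${data.google_compute_default_service_account.default.email}"
}

# AFTER (corrected): a dedicated account for one purpose, holding only
# the role that purpose needs. "report-reader" is a hypothetical name.
resource "google_service_account" "report_reader" {
  project      = var.project_id
  account_id   = "report-reader"
  display_name = "Reads report objects from Cloud Storage"
}

resource "google_project_iam_member" "report_reader_binding" {
  project = var.project_id
  role    = "roles/storage.objectViewer"
  member  = "serviceAccount:${google_service_account.report_reader.email}"
}
```

The App Engine default account (`PROJECT_ID@appspot.gserviceaccount.com`) is a default service account as well, so bindings to it warrant the same review.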