TF 0348 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Service accounts should not have roles assigned with excessive privileges

| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | iam |
| Provider | |
| Vulnerability Type | misconfiguration |
## Description

The configuration assigns overly broad or privileged IAM roles to Google service accounts, granting them more permissions than their workload needs. Because a compromised service account (a leaked key or a compromised workload running as it) can use every permission bound to it, this increases the risk and the blast radius of unauthorized access.
## Impact

If a service account with excessive privileges is breached, an attacker could gain control over sensitive resources, escalate privileges, and potentially take over the entire Google Cloud project or account, leading to data loss or service disruption.
## Resolution

Limit the service account's access to the minimal set of roles and permissions its workload requires.
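As an added example (constructed for this entry, not code from the database or from any project), the Terraform below shows the flagged pattern, a service account bound to the basic `roles/owner` role at project scope, beside a least-privilege rewrite that grants a bucket-scoped read role and a custom role listing only the exact permissions needed. The project ID, bucket name and account names are placeholders.

```hcl
# Constructed example; project ID, bucket and account names are placeholders.
resource "google_service_account" "app" {
  account_id   = "app-worker"
  display_name = "Application worker"
}

# FLAGGED: a basic role at project scope gives this account control over every
# resource in the project, so compromise of its key or workload means project
# takeover. Remove this binding when moving to the scoped bindings below.
resource "google_project_iam_member" "app_owner" {
  project = "example-project-id"
  role    = "roles/owner"
  member  = "serviceAccount:${google_service_account.app.email}"
}

# REMEDIATED: grant only what the workload does (read objects in one bucket),
# bound on that resource rather than on the whole project.
resource "google_storage_bucket_iam_member" "app_reader" {
  bucket = "example-input-bucket"
  role   = "roles/storage.objectViewer"
  member = "serviceAccount:${google_service_account.app.email}"
}

# When no predefined role is narrow enough, a custom role enumerates the exact
# permissions; here the worker only needs to pull from a Pub/Sub subscription.
resource "google_project_iam_custom_role" "app_minimal" {
  role_id     = "appWorkerMinimal"
  title       = "App worker (minimal)"
  permissions = ["pubsub.subscriptions.consume", "pubsub.subscriptions.get"]
}

resource "google_project_iam_member" "app_minimal_binding" {
  project = "example-project-id"
  role    = google_project_iam_custom_role.app_minimal.id
  member  = "serviceAccount:${google_service_account.app.email}"
}
```

Checking the plan for `roles/owner`, `roles/editor` or other `roles/*` bindings whose `member` starts with `serviceAccount:` is a quick way to catch regressions before apply.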