TF 0472 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Roles should not be assigned to default service accounts
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | iam |
| Provider | google |
| Vulnerability Type | misconfiguration |
Description
This vulnerability occurs when IAM roles are granted to a Google Cloud default service account (the Compute Engine default account `PROJECT_NUMBER-compute@developer.gserviceaccount.com` or the App Engine default account `PROJECT_ID@appspot.gserviceaccount.com`) instead of to a custom, purpose-specific service account. Default service accounts are created automatically, the Compute Engine one is granted the broad basic `roles/editor` role on the project unless the organisation disables that grant, and every Compute Engine instance, GKE node or similar workload that does not name its own service account runs as the default one. Any role bound to a default account is therefore available to every workload that shares it, not just the one it was intended for.
Impact
Roles granted to a default service account are inherited by every workload running as that account, so the permissions of the most privileged binding become the effective permissions of the least trusted workload. An attacker who compromises any one of those workloads (for example through an application vulnerability on a VM that exposes the metadata server's access token) can use the default account's combined permissions to read or modify resources across the project or organisation, violating the principle of least privilege.
Resolution
Create a dedicated `google_service_account` for each workload, grant it only the roles it needs (scoped to the specific resource where possible), and attach that account to the workload in place of the default one. Remove the offending `google_project_iam_member` / `google_project_iam_binding` entries whose member is a default service account. Note that fixing the Terraform binding does not remove the automatic `roles/editor` grant on the Compute Engine default account; that is controlled separately by the organisation policy constraint `constraints/iam.automaticIamGrantsForDefaultServiceAccounts`.
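The following Terraform is an added illustration, not code from the Symbiotic database or from any scanned project. It shows a project-level binding to the Compute Engine default service account (the pattern this rule flags) followed by the hardened form: a dedicated service account, a role scoped to a single bucket, and a VM that runs as that account. The project ID, project number, bucket name, zone and image are assumed placeholder values.

```hcl
# Added example; the project_id, project_number and bucket name below are
# assumed placeholders, not values from the original page.
variable "project_id"     { default = "example-project" }
variable "project_number" { default = "123456789012" }

# --- Misconfiguration flagged by this rule ---------------------------------
# The Compute Engine default service account
# (<PROJECT_NUMBER>-compute@developer.gserviceaccount.com) is shared by every
# VM in the project that does not specify its own account. Binding an extra
# role to it gives that role to all of those workloads at once.
resource "google_project_iam_member" "bad_default_sa_binding" {
  project = var.project_id
  role    = "roles/storage.objectAdmin"
  member  = "serviceAccount:${var.project_number}-compute@developer.gserviceaccount.com"
}

# --- Resolution: one service account per workload --------------------------
resource "google_service_account" "uploader" {
  account_id   = "image-uploader"
  display_name = "Image uploader workload"
  project      = var.project_id
}

# Grant the narrowest role the workload actually needs, and grant it on the
# single bucket rather than on the whole project.
resource "google_storage_bucket_iam_member" "uploader_bucket_access" {
  bucket = "example-upload-bucket"   # assumed bucket name
  role   = "roles/storage.objectCreator"
  member = "serviceAccount:${google_service_account.uploader.email}"
}

# Attach the dedicated account to the VM so the instance never runs as the
# default service account at all.
resource "google_compute_instance" "uploader_vm" {
  name         = "image-uploader-vm"
  machine_type = "e2-small"
  zone         = "us-central1-a"
  project      = var.project_id

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
    }
  }

  network_interface {
    network = "default"
  }

  service_account {
    email  = google_service_account.uploader.email
    # Access is governed by the IAM roles above; the broad OAuth scope does
    # not grant anything the service account's roles do not already allow.
    scopes = ["cloud-platform"]
  }
}
```

Removing `google_project_iam_member.bad_default_sa_binding` and keeping the three hardened resources clears the finding; the default account keeps only whatever Google grants it automatically, which is governed by the organisation policy rather than by this Terraform.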