Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The Dataflow job is not configured to use private IP addresses for its worker nodes, making them accessible over public networks. This increases exposure to unauthorized access and potential attacks from the internet.
Impact#
If exploited, attackers could connect to Dataflow worker nodes over the public internet, potentially leading to data breaches, resource misuse, or unauthorized manipulation of processing jobs. This exposes sensitive data and system resources to external threats.