Improper Access Control

| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Artifact Registry repository is configured to grant access to ‘allUsers’ or ‘allAuthenticatedUsers’, making it publicly accessible or accessible to any authenticated Google user. This setting exposes your repository to unauthorized access.
Impact
If exploited, anyone on the internet (or any authenticated Google user) could list, download, or even modify artifacts in your repository. This can lead to data leakage, tampering with packages, and potential supply chain attacks affecting your organization or customers.
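
A check for the condition described under Description and Impact, as an added example that is not part of the original rule page: it scans a repository IAM policy for the `allUsers` and `allAuthenticatedUsers` members, marks whether each grant allows more than reading, and builds a policy with those members removed. The sample policy and its project, service account and group names are constructed, and the function names are hypothetical.

```python
import json

# Principals this rule flags: anyone on the internet / any authenticated Google user.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Any role other than the reader role is treated conservatively as write-capable.
READ_ONLY_ROLES = {"roles/artifactregistry.reader"}

# Constructed sample policy in the JSON shape IAM policies use (not real data).
SAMPLE_POLICY = json.loads("""
{
  "version": 1, "etag": "CONSTRUCTED",
  "bindings": [
    {"role": "roles/artifactregistry.reader", "members": ["allUsers"]},
    {"role": "roles/artifactregistry.writer",
     "members": ["allAuthenticatedUsers", "serviceAccount:ci@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/artifactregistry.repoAdmin", "members": ["group:release-eng@example.com"]}
  ]
}
""")


def find_public_bindings(policy):
    """Return one finding per (role, public member) pair in an IAM policy."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                # can_modify separates tampering risk from disclosure-only exposure.
                findings.append({"role": role, "member": member,
                                 "can_modify": role not in READ_ONLY_ROLES})
    return findings


def remove_public_members(policy):
    """Return a copy of the policy without public members; empty bindings are dropped."""
    cleaned = []
    for binding in policy.get("bindings", []):
        members = [m for m in binding.get("members", []) if m not in PUBLIC_MEMBERS]
        if members:
            cleaned.append({**binding, "members": members})
    return {**policy, "bindings": cleaned}


if __name__ == "__main__":
    for f in find_public_bindings(SAMPLE_POLICY):
        print(f"{f['member']} -> {f['role']} (can modify: {f['can_modify']})")
```
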