Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
This code configures a Google Compute Engine instance to use the default network, which by default assigns a public IP address to the VM. Exposing VMs to the public internet increases the risk of unauthorized access.
Impact#
If exploited, attackers could connect directly to the VM from the internet, potentially bypassing internal security controls. This can lead to data breaches, service disruption, or the VM being used as a launch point for further attacks within your cloud environment.