Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
Assigning IAM roles to the default Compute Engine service account at the project level can grant overly broad permissions and increase the risk of unintended access. Default service accounts are not tailored for specific workloads and should not be used for project-wide privileges.
Impact#
If exploited, attackers or compromised workloads could use the default service account to gain elevated access across the entire GCP project, potentially allowing them to manipulate resources, access sensitive data, or escalate privileges. This weakens access controls and can lead to unauthorized actions within your cloud environment.