Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
Assigning the Service Account User or Token Creator roles at the project level grants broad permissions, allowing users to act as any service account within the project. This can lead to excessive privileges and weakens the principle of least privilege.
Impact#
If exploited, attackers or unauthorized users could impersonate service accounts across the entire project, potentially accessing sensitive resources, escalating privileges, or performing unauthorized actions. This increases the risk of data breaches and unauthorized access to cloud services.