Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code assigns IAM roles at the project level to Google Cloud’s default Compute Engine service account. Using default service accounts can grant excessive permissions and increase the risk of unintended access.
Impact
If exploited, attackers or unauthorized users could leverage the default service account to access or modify resources across the project, potentially leading to data exposure, privilege escalation, or disruption of cloud services.
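The following check is an added example, not part of the original rule page or the scanner's own code. It scans a project IAM policy, in the JSON shape returned by `gcloud projects get-iam-policy PROJECT_ID --format=json`, for project-level bindings to the default Compute Engine service account. The sample policy, project number, and function name are constructed for illustration.

```python
import json
import re

# The default Compute Engine service account has the fixed form
# PROJECT_NUMBER-compute@developer.gserviceaccount.com
DEFAULT_COMPUTE_SA = re.compile(
    r"serviceAccount:\d+-compute@developer\.gserviceaccount\.com"
)

# Basic roles apply across every service in the project.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}


def find_default_sa_bindings(policy):
    """Return sorted (role, member, is_basic_role) tuples for every
    project-level binding that names the default Compute Engine SA."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            # fullmatch skips "deleted:serviceAccount:..." tombstone entries
            if DEFAULT_COMPUTE_SA.fullmatch(member):
                findings.append((role, member, role in BASIC_ROLES))
    return sorted(findings)


# Constructed sample policy (hypothetical project number and accounts).
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com",
                 "user:alice@example.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:app-runtime@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/logging.logWriter",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"]}
  ]
}
""")

if __name__ == "__main__":
    for role, member, is_basic in find_default_sa_bindings(SAMPLE_POLICY):
        level = "BASIC ROLE" if is_basic else "role"
        print(f"{level}: {role} bound to default Compute Engine SA {member}")
```

Each finding is a candidate for moving to a dedicated, user-managed service account that holds only the roles the workload needs.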