Improper Access Control
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The storage bucket is configured to allow access to ‘allAuthenticatedUsers’, making it publicly accessible to anyone with a Google account. This means unauthorized users can view or modify the contents of the bucket.
Impact
If exploited, attackers or unintended users could access sensitive files, upload malicious content, or disrupt storage resources. This can lead to data leaks, compliance violations, or service disruptions affecting your organization and customers.
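A check for the binding described above, as an added example that is not part of this rule's own implementation: it scans a bucket IAM policy for public principals, reports whether the granted role allows writes (the upload risk noted under Impact), and returns a copy of the policy with those members removed. It goes beyond the page by also flagging `allUsers`; the sample policy, the function names and the read/write role grouping are assumptions made for the example.

```python
import copy

# Special IAM principals that match identities outside your organization.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Predefined Cloud Storage roles that can create, overwrite or delete data.
WRITE_ROLES = {
    "roles/storage.admin", "roles/storage.objectAdmin",
    "roles/storage.objectCreator", "roles/storage.legacyBucketWriter",
    "roles/storage.legacyBucketOwner", "roles/storage.legacyObjectOwner",
}

# Constructed sample policy in the bucket IAM policy shape (not a real bucket).
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/storage.objectViewer",
         "members": ["allAuthenticatedUsers", "group:data-team@example.com"]},
        {"role": "roles/storage.objectAdmin", "members": ["allAuthenticatedUsers"]},
        {"role": "roles/storage.admin", "members": ["user:owner@example.com"]},
    ],
}


def find_public_bindings(policy):
    """Return one finding per (role, public member) pair in the policy."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                access = "write" if role in WRITE_ROLES else "read-or-other"
                findings.append({"role": role, "member": member, "access": access})
    return findings


def strip_public_members(policy):
    """Return a copy of the policy without public members or emptied bindings."""
    fixed = copy.deepcopy(policy)
    kept = []
    for b in fixed.get("bindings", []):
        b["members"] = [m for m in b.get("members", []) if m not in PUBLIC_MEMBERS]
        if b["members"]:
            kept.append(b)
    fixed["bindings"] = kept
    return fixed


if __name__ == "__main__":
    for f in find_public_bindings(SAMPLE_POLICY):
        print(f"{f['member']} holds {f['role']} ({f['access']})")
```

This covers IAM bindings only; legacy bucket and object ACLs are a separate grant path and need their own check.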