Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The firewall rule allows incoming HTTP (port 80) traffic from any IP address (0.0.0.0/0), exposing your Google Cloud resources to the public internet. This configuration lacks proper access restrictions and makes your services open to everyone.
Impact#
An attacker could access exposed HTTP services, potentially leading to unauthorized data exposure, service misuse, or exploitation of application vulnerabilities. Unrestricted public access increases the risk of attacks such as brute-force attempts, data breaches, or denial-of-service, which could compromise your organization’s security and operations.