Insufficient Logging
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-778: Insufficient Logging |
| OWASP | A10:2017 - Insufficient Logging & Monitoring |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The Google Cloud Storage bucket is created without enabling access logging. This means actions like reading, writing, or modifying data in the bucket are not being recorded.
Impact#
Without access logs, it becomes difficult to detect unauthorized access, investigate security incidents, or audit data usage. Attackers or malicious insiders could access or alter sensitive data without leaving a trace, increasing the risk of data breaches and compliance violations.