Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
Assigning the ‘roles/editor’ permission at the folder level in GCP allows users to manage all resources, including the ability to impersonate and control all service accounts within that folder. This grants broad and sensitive access beyond what is typically necessary.
Impact#
If exploited, an attacker or unauthorized user could take control of service accounts, escalate privileges, and access or modify resources across all projects in the folder. This can lead to data breaches, unauthorized actions, and compromise of critical cloud infrastructure.