Property
Language: hcl
Severity: low
CWE: CWE-284: Improper Access Control
OWASP: A05:2017 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

Assigning the ‘roles/editor’ role at the folder level in GCP allows users to impersonate and manage all service accounts within that folder. This grants broad access and control that should be limited to trusted users only.

Impact

If exploited, unauthorized users could gain full administrative access to resources in the folder, create or modify resources, and impersonate service accounts. This can lead to privilege escalation, data exposure, or compromise of critical infrastructure.
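
The folder-level binding described above, shown beside a narrower alternative. This is an added example, not the rule's own fixture or code from the project; the folder ID, project ID, group and account names are constructed placeholders, and the replacement roles are one assumed way to narrow the grant.

```hcl
# Constructed placeholder values throughout (folder ID, project ID, group,
# service account name). Not taken from the rule's documentation.

# Flagged pattern: roles/editor bound at the folder level. The grant is
# inherited by every project in the folder, including the service accounts
# those projects contain.
resource "google_folder_iam_member" "team_editor" {
  folder = "folders/123456789012"
  role   = "roles/editor"
  member = "group:platform-team@example.com"
}

# Narrower alternative (assumed remediation): grant a task-specific role on
# the single project that needs it instead of a broad role on the folder.
resource "google_project_iam_member" "team_compute_admin" {
  project = "example-app-prod"
  role    = "roles/compute.instanceAdmin.v1"
  member  = "group:platform-team@example.com"
}

resource "google_service_account" "deployer" {
  project      = "example-app-prod"
  account_id   = "app-deployer"
  display_name = "Application deployer"
}

# Impersonation is granted explicitly on one named service account, so the
# set of identities the group can act as is visible in the configuration
# rather than implied by folder inheritance.
resource "google_service_account_iam_member" "team_can_use_deployer" {
  service_account_id = google_service_account.deployer.name
  role               = "roles/iam.serviceAccountUser"
  member             = "group:platform-team@example.com"
}
```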