Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The subnetwork resource does not have ‘private_ip_google_access’ enabled, which prevents instances from accessing Google APIs and services using private IPs. This can force traffic over the public internet, reducing network security.
Impact#
Without private Google access, sensitive data from internal workloads may traverse public networks to reach Google services, increasing exposure to interception or unauthorized access. This weakens the security posture of cloud resources and may violate compliance requirements.