Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code assigns ‘allUsers’ or ‘allAuthenticatedUsers’ as members on a Google Pub/Sub topic, making it accessible to anyone on the internet or any authenticated user. This configuration exposes the topic to unauthorized access.
Impact
If exploited, anyone could publish or subscribe to the Pub/Sub topic, potentially leading to data leaks, unauthorized message injection, or service abuse. This can compromise sensitive information and disrupt application workflows.
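One way to check for this condition, as an added example that is not part of the rule's own code: the script scans a topic IAM policy, in the JSON shape returned by `gcloud pubsub topics get-iam-policy --format=json`, for the two public principals and builds a copy with them removed. The sample policy, project name and account names are constructed, and the function names are hypothetical.

```python
import json

# The two public principals named in the description above.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# What the publisher and subscriber roles expose; other roles are reported as-is.
ROLE_EXPOSURE = {"roles/pubsub.publisher": "publish",
                 "roles/pubsub.subscriber": "subscribe"}

# Constructed sample policy; project, accounts and etag are made up.
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "etag": "CONSTRUCTED",
  "bindings": [
    {"role": "roles/pubsub.publisher",
     "members": ["allUsers",
                 "serviceAccount:ingest@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/pubsub.subscriber", "members": ["allAuthenticatedUsers"]},
    {"role": "roles/pubsub.viewer", "members": ["group:ops@example.com"]}
  ]
}
""")


def find_public_bindings(policy):
    """Return (role, member, exposure) for each public principal in the policy."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                exposure = ROLE_EXPOSURE.get(role, "other access")
                findings.append((role, member, exposure))
    return findings


def strip_public_members(policy):
    """Return a copy without public principals, dropping bindings left empty."""
    cleaned = dict(policy)
    cleaned["bindings"] = []
    for binding in policy.get("bindings", []):
        kept = [m for m in binding.get("members", []) if m not in PUBLIC_MEMBERS]
        if kept:
            cleaned["bindings"].append({**binding, "members": kept})
    return cleaned


if __name__ == "__main__":
    for role, member, exposure in find_public_bindings(SAMPLE_POLICY):
        print(f"PUBLIC: {member} holds {role} ({exposure})")
    print(json.dumps(strip_public_members(SAMPLE_POLICY), indent=2))
```

The cleaned policy keeps the service account and group bindings, so legitimate publishers and viewers are unaffected when the public principals are removed.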