Improper Access Control
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The configuration grants ‘allUsers’ or ‘allAuthenticatedUsers’ access to a Google Artifact Registry repository, making it publicly or anonymously accessible. This exposes the repository contents to anyone on the internet (‘allUsers’) or anyone with a Google account (‘allAuthenticatedUsers’).
Impact
If exploited, unauthorized individuals could download, view, or potentially alter artifacts in the repository. This can lead to intellectual property leakage, distribution of malicious code, or compromise of internal applications, putting the organization’s assets and users at risk.
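The check described above, as an added example that is not part of the original rule page: a Python audit of an IAM policy document in the standard `bindings` JSON shape that flags the two public principals, separates read-only from write-capable Artifact Registry roles, and produces a copy with the public members removed. The sample policy, the service account and group names, and the `review-manually` label are constructed for illustration.

```python
import copy
import json

# Principals the rule treats as public or anonymous access.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Predefined Artifact Registry roles that allow uploading or deleting artifacts.
WRITE_ROLES = {"roles/artifactregistry.writer",
               "roles/artifactregistry.repoAdmin",
               "roles/artifactregistry.admin"}
READ_ROLES = {"roles/artifactregistry.reader"}

# Constructed sample policy in the IAM `bindings` JSON shape (not from the page).
SAMPLE_POLICY = json.loads("""
{"etag": "BwXconstructed=", "version": 1, "bindings": [
  {"role": "roles/artifactregistry.reader", "members": ["allUsers"]},
  {"role": "roles/artifactregistry.writer",
   "members": ["allAuthenticatedUsers",
               "serviceAccount:ci@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/artifactregistry.repoAdmin",
   "members": ["group:release-eng@example.com"]}
]}
""")


def exposure(role):
    """Classify what a public grant of this role would allow."""
    if role in WRITE_ROLES:
        return "read-write"
    return "read" if role in READ_ROLES else "review-manually"


def find_public_bindings(policy):
    """Return one finding per (role, public member) pair."""
    return [{"role": b.get("role", ""), "member": m,
             "exposure": exposure(b.get("role", ""))}
            for b in policy.get("bindings", [])
            for m in b.get("members", []) if m in PUBLIC_MEMBERS]


def strip_public_members(policy):
    """Return a copy with public members removed and emptied bindings dropped."""
    fixed = copy.deepcopy(policy)
    for b in fixed.get("bindings", []):
        b["members"] = [m for m in b.get("members", []) if m not in PUBLIC_MEMBERS]
    fixed["bindings"] = [b for b in fixed.get("bindings", []) if b["members"]]
    return fixed


if __name__ == "__main__":
    for finding in find_public_bindings(SAMPLE_POLICY):
        print(finding)
    print(json.dumps(strip_public_members(SAMPLE_POLICY), indent=2))
```

A `read-write` finding corresponds to the "alter artifacts" case in the impact statement; a `read` finding corresponds to the download and view case.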