Improper Access Control
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
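Description
This configuration grants public or anonymous access to a Google Pub/Sub topic by including `allUsers` or `allAuthenticatedUsers` in the IAM binding. `allUsers` covers anyone on the internet, and `allAuthenticatedUsers` covers anyone signed in with a Google account, so either member opens the topic to principals outside your organization with whatever role the binding carries.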
Impact
If exploited, unauthorized users could publish or subscribe to messages on your Pub/Sub topic, potentially leading to data leaks, message tampering, spam, or disruption of your messaging workflows. This can compromise sensitive information and the integrity of your cloud infrastructure.
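The check described above can be run against a topic's live IAM policy as well as against configuration files. The following is an added example, not the rule's own implementation: it assumes the policy is a dict in the JSON shape printed by `gcloud pubsub topics get-iam-policy --format=json`, and the function names and the sample policy are constructed for illustration.

```python
import json

# Special IAM principals that make a binding public (named in the description).
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Roles tied to the impact described above; any other role is reported as "other".
ROLE_EXPOSURE = {
    "roles/pubsub.publisher": "publish",
    "roles/pubsub.subscriber": "subscribe",
}


def find_public_bindings(policy):
    """Return one finding per (role, public member) pair in an IAM policy dict."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        exposure = ROLE_EXPOSURE.get(role, "other")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append({"role": role, "member": member, "exposure": exposure})
    return findings


def strip_public_members(policy):
    """Return a copy with public members removed and emptied bindings dropped."""
    cleaned = dict(policy)
    cleaned["bindings"] = []
    for binding in policy.get("bindings", []):
        members = [m for m in binding.get("members", []) if m not in PUBLIC_MEMBERS]
        if members:
            cleaned["bindings"].append({**binding, "members": members})
    return cleaned


# Constructed sample policy (not from a real project).
SAMPLE_POLICY = json.loads("""
{"version": 1, "bindings": [
  {"role": "roles/pubsub.publisher",
   "members": ["allUsers", "serviceAccount:ingest@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/pubsub.subscriber", "members": ["allAuthenticatedUsers"]},
  {"role": "roles/pubsub.viewer", "members": ["group:ops@example.com"]}
]}
""")

if __name__ == "__main__":
    for f in find_public_bindings(SAMPLE_POLICY):
        print(f"PUBLIC {f['member']} -> {f['role']} ({f['exposure']})")
```

`strip_public_members` only builds the corrected policy in memory; the named service account and group bindings are preserved so legitimate publishers and subscribers keep working once the cleaned policy is applied.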