Improper Access Control
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
This configuration grants public or anonymous access to a BigQuery table by assigning ‘allUsers’ or ‘allAuthenticatedUsers’ as IAM members. This means anyone on the internet, or any Google-authenticated user, can access the table’s data.
Impact
If exploited, sensitive data stored in the BigQuery table could be exposed to unauthorized users, leading to data leaks, compliance violations, or misuse of your organization’s information. Attackers could read, query, or potentially modify your data without restriction.