Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
Granting folder-level IAM permissions to the default Compute Engine service account allows this account broad access across all resources in the folder. Default service accounts are not intended for wide access and may be used by multiple workloads.
Impact#
If exploited, attackers or compromised workloads could leverage the default service account’s elevated permissions to access, modify, or delete resources across all projects in the folder, increasing the risk of privilege escalation and unauthorized access.