Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
This code assigns a folder-level IAM role to a Google Cloud default service account. Default service accounts have broad permissions and are not intended for granular access control.
Impact#
If exploited, attackers or unauthorized users could abuse the over-privileged default service account to access or modify resources across all projects under the folder, increasing the risk of privilege escalation and data exposure.