Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Granting organization-level IAM roles to the default Compute Engine service account in GCP gives that account broad permissions across every project in the organization, usually unintentionally. Because the default service account is attached to Compute Engine instances automatically, this practice increases the risk of privilege misuse if any workload using the default service account is compromised.
Impact
If an attacker gains access to a default service account that holds organization-level roles, they can read or modify resources across the entire GCP organization, leading to data leaks, unauthorized changes, or disruption of critical services.
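As an added example (not part of the original rule page), the script below audits an exported organization IAM policy for bindings that grant any role to a default Compute Engine service account, and produces a cleaned policy with those members removed. It relies only on the documented name pattern of the default Compute Engine service account (`<project-number>-compute@developer.gserviceaccount.com`); the policy JSON is a constructed sample in the shape returned by `gcloud organizations get-iam-policy ORG_ID --format=json`, and all project numbers, roles and principals in it are made up.

```python
import json
import re

# The default Compute Engine service account of a project is always named
# <project-number>-compute@developer.gserviceaccount.com; IAM members carry a
# "serviceAccount:" prefix. Anchored so that look-alike accounts do not match.
DEFAULT_COMPUTE_SA = re.compile(
    r"^serviceAccount:\d+-compute@developer\.gserviceaccount\.com$"
)

# Constructed sample policy (hypothetical org, project number and principals),
# in the shape `gcloud organizations get-iam-policy ORG_ID --format=json` returns.
SAMPLE_ORG_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/viewer",
     "members": ["user:alice@example.com",
                 "serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com",
                 "serviceAccount:deploy@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/logging.viewer",
     "members": ["group:auditors@example.com"]}
  ],
  "etag": "BwXyz123",
  "version": 1
}
""")


def find_default_compute_sa_bindings(policy):
    """Return (role, member) pairs where an org-level role is granted to a
    default Compute Engine service account. An empty list means the policy
    is clean with respect to this rule."""
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if DEFAULT_COMPUTE_SA.match(member):
                findings.append((binding["role"], member))
    return findings


def remove_default_compute_sa(policy):
    """Return a copy of the policy with default Compute Engine service accounts
    stripped from every binding. Bindings left with no members are dropped,
    since they grant nothing. The etag is preserved so the result can be
    submitted in a read-modify-write cycle with `set-iam-policy`."""
    cleaned = {key: value for key, value in policy.items() if key != "bindings"}
    cleaned["bindings"] = []
    for binding in policy.get("bindings", []):
        kept = [m for m in binding.get("members", []) if not DEFAULT_COMPUTE_SA.match(m)]
        if kept:
            cleaned["bindings"].append({**binding, "members": kept})
    return cleaned


if __name__ == "__main__":
    for role, member in find_default_compute_sa_bindings(SAMPLE_ORG_POLICY):
        print(f"FINDING: {member} holds {role} at organization level")
    print(json.dumps(remove_default_compute_sa(SAMPLE_ORG_POLICY), indent=2))
```

Run against a real export, the findings list is what to review: each entry should either be replaced by a dedicated service account holding a narrowly scoped role, or removed outright. The cleaned policy keeps the `etag`, which is required for `gcloud organizations set-iam-policy ORG_ID policy.json` to reject a concurrent modification. Note that the organization policy constraint `constraints/iam.automaticIamGrantsForDefaultServiceAccounts` only stops the automatic project-level Editor grant on new default service accounts; organization-level bindings added by hand, which is what this check looks for, are unaffected by it.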