Ensure that Cloud Storage bucket is not anonymously or publicly accessible.
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | storage |
| Provider | |
| Vulnerability Type | misconfiguration |
Description
The storage bucket IAM configuration includes `allUsers` or `allAuthenticatedUsers` as members, which grants public or anonymous access to the bucket’s data. This exposes stored objects to anyone on the internet or to any authenticated Google account, bypassing organizational access controls.
Impact
If exploited, sensitive data in the storage bucket can be accessed, downloaded, or modified by unauthorized users worldwide. This can lead to data leaks, regulatory violations, and loss of intellectual property or customer trust.
Resolution
Remove every IAM binding on the bucket that names `allUsers` or `allAuthenticatedUsers` as a member, so that only specific users, groups and service accounts retain access.
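As an added example (not part of the original rule page), the check below inspects a bucket IAM policy in the JSON shape that `gcloud storage buckets get-iam-policy gs://BUCKET --format=json` returns, reports any binding that grants access to `allUsers` or `allAuthenticatedUsers`, and produces a cleaned policy with those principals removed. The sample policy, bucket roles and principal names are constructed for the example.

```python
import json

# The two principals that make a bucket public or open to any Google account.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policy; same shape as the JSON output of
# `gcloud storage buckets get-iam-policy gs://BUCKET --format=json`.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/storage.objectAdmin",
         "members": ["allAuthenticatedUsers", "user:alice@example.com"]},
        {"role": "roles/storage.admin", "members": ["group:sec@example.com"]},
    ],
    "etag": "BwX0constructed",
    "version": 1,
})


def find_public_bindings(policy_json):
    """Return (role, member) pairs that grant anonymous or all-account access.

    Match the principal string exactly: `allUsers` never carries a prefix,
    while principals such as `user:` or `deleted:user:` are never public.
    """
    policy = json.loads(policy_json)
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append((binding["role"], member))
    return findings


def remove_public_members(policy_json):
    """Return the policy with public principals stripped as a JSON string.

    A binding left with no members is dropped entirely. The etag is kept so
    the caller can write the result back with `set-iam-policy` and have the
    API reject a concurrent change to the same policy.
    """
    policy = json.loads(policy_json)
    kept = []
    for binding in policy.get("bindings", []):
        members = [m for m in binding.get("members", []) if m not in PUBLIC_MEMBERS]
        if members:
            kept.append({**binding, "members": members})
    policy["bindings"] = kept
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    for role, member in find_public_bindings(SAMPLE_POLICY):
        print(f"PUBLIC: {member} holds {role}")
    print(remove_public_members(SAMPLE_POLICY))
```

Writing the cleaned policy back with `gcloud storage buckets set-iam-policy gs://BUCKET policy.json` closes the finding; enabling the bucket's public access prevention setting afterwards stops these principals from being re-added.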