Cloud Storage bucket is publicly accessible Affecting Cloud Storage service in Google

Severity Framework Snyk CCSS

Rule category IAM / Public Access

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CIS-Google CSA-CCM HIPAA ISO-27001 SOC-2

Snyk ID SNYK-CC-00373
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Potentially anyone can access data stored in the bucket.

How to fix?

Remove allUsers and allAuthenticatedUsers values from member or members attribute.

Example Configuration

resource "google_storage_bucket_iam_member" "allowed" {
  bucket = "test"
  role   = "roles/storage.admin"
  member = "user:jane@example.com"
}

resource "google_storage_bucket_iam_binding" "allowed" {
  bucket = "test"
  role   = "roles/storage.admin"
  members = [
    "user:jane@example.com",
  ]
}

Cloud Storage bucket is publicly accessible Affecting Cloud Storage service in Google

Description

How to fix?

Example Configuration

Terraform

References