BigQuery dataset is publicly accessible Affecting BigQuery service in Google

Severity Framework Snyk CCSS

Rule category Data / Databases

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CIS-Google CSA-CCM HIPAA ISO-27001 SOC-2

Snyk ID SNYK-CC-00433
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Potentially anyone can access data in the dataset.

How to fix?

Remove allAuthenticatedUsers and allUsers values from access.special_group attribute.

Example Configuration

resource "google_bigquery_dataset" "allowed_3" {
  dataset_id                  = "example_dataset3"
  friendly_name               = "test"
  description                 = "This is a test description"
  location                    = "EU"
  default_table_expiration_ms = 3600000
  access {
    role          = "OWNER"
    special_group = "projectOwners"
  }
}

Terraform

google_bigquery_dataset