Using the default service account on a compute instance allows an attacker to spread through the network
Severity | Exploitability | Providers | Categories |
---|---|---|---|
CRITICAL | HIGH | Google Cloud Provider | PERMISSION |
Description
The default service account is granted the Editor role. A compute instance configured with this account can access far more project resources than it needs, and so can an attacker who gains access to the instance.
Note that if the Editor role has been removed from the default service account, the vulnerability is mitigated but not resolved: the account's permissions could still be changed later on.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | True | False | True |
Once a compute instance is compromised, the attacker inherits the permissions of the instance's service account and can spread to other resources in the project.
Remediation guidelines
Create a dedicated service account with only the permissions the instance needs, attach it to the instance, and stop using the default service account.
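The following POSIX shell script is an added example (not part of this finding or of Google's tooling) that covers both the detection side of the description and the remediation guideline. It parses the tab-separated output of `gcloud compute instances list --format='value(name,zone.basename(),serviceAccounts[].email)'` to flag instances still running as the project's default Compute Engine service account (whose e-mail has the form `<PROJECT_NUMBER>-compute@developer.gserviceaccount.com`), then prints the `gcloud` commands that move an instance to a dedicated account and strip the Editor binding from the default one. The sample rows, the project id `PROJECT_ID`, the project number `123456789012` and the account names are constructed placeholders; the script only prints the remediation commands, it does not run them.

```shell
#!/bin/sh
# Added example, not from the original finding: audit which instances run as the
# project's default Compute Engine service account, then print remediation commands.

# Constructed sample of:
#   gcloud compute instances list --format='value(name,zone.basename(),serviceAccounts[].email)'
# Columns are tab-separated; the last row has no service account at all.
sample_instances() {
    printf 'web-1\tus-central1-a\t123456789012-compute@developer.gserviceaccount.com\n'
    printf 'db-1\tus-central1-b\tdb-runner@example-project.iam.gserviceaccount.com\n'
    printf 'batch-1\teurope-west1-c\t123456789012-compute@developer.gserviceaccount.com\n'
    printf 'nosa-1\teurope-west1-d\t\n'
}

# Read tab-separated rows on stdin; print "name zone email" only for instances
# whose attached account is the default Compute Engine service account.
flag_default_sa() {
    while IFS="$(printf '\t')" read -r name zone email; do
        case "$email" in
            *-compute@developer.gserviceaccount.com)
                printf '%s %s %s\n' "$name" "$zone" "$email" ;;
        esac
    done
}

# Print (not run) the commands that move one instance to a dedicated account.
# $3 is the project id and $4 the new account name; both default to placeholders.
remediation_plan() {
    name="$1"; zone="$2"; project="${3:-PROJECT_ID}"; sa="${4:-${name}-sa}"
    sa_email="$sa@$project.iam.gserviceaccount.com"
    cat <<EOF
gcloud iam service-accounts create $sa --project=$project --display-name="$name runtime"
# Grant only the roles this workload actually needs, for example:
# gcloud projects add-iam-policy-binding $project --member=serviceAccount:$sa_email --role=roles/logging.logWriter
# set-service-account requires the instance to be stopped.
gcloud compute instances stop $name --zone=$zone --project=$project
gcloud compute instances set-service-account $name --zone=$zone --project=$project --service-account=$sa_email --scopes=cloud-platform
gcloud compute instances start $name --zone=$zone --project=$project
EOF
}

# Print (not run) the project-level command that removes the Editor role from the
# default account, the mitigation the description mentions. $2 is the project number.
harden_default_sa_plan() {
    project="${1:-PROJECT_ID}"; number="${2:-123456789012}"
    printf 'gcloud projects remove-iam-policy-binding %s --member=serviceAccount:%s-compute@developer.gserviceaccount.com --role=roles/editor\n' \
        "$project" "$number"
}

# Stand-alone run: audit the constructed sample and print a plan per flagged instance.
sample_instances | flag_default_sa | while read -r name zone email; do
    printf '== %s (%s) runs as %s\n' "$name" "$zone" "$email"
    remediation_plan "$name" "$zone"
done
harden_default_sa_plan
```

On a real project, replace `sample_instances` with the `gcloud compute instances list` command quoted above and review the printed plan before executing it; removing the Editor binding is project-wide, so confirm nothing else still depends on that role first.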