Defining a GCP BigQuery dataset as publicly accessible can lead to data exposure
Severity | Exploitability | Providers | Categories |
---|---|---|---|
CRITICAL | HIGH | Google Cloud Provider | DATA, PERMISSION |
Description
GCP BigQuery is a managed data warehousing solution. Most of the data stored in BigQuery is accessible through tables. When defining a dataset, access roles and groups can be specified. If the special group "allAuthenticatedUsers" is used, all GCP users, including those outside the owning organization, can access the data stored in that BigQuery dataset.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | True | False | False |
- Data exposure
- Data loss
Remediation guidelines
Avoid using the special groups 'allAuthenticatedUsers' and 'allUsers'; prefer specifying precise groups within the targeted organization.
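One way to check existing datasets against this guideline, as an added example that is not part of the original page: the function below scans the `access` list of a dataset's metadata (as exported with `bq show --format=prettyjson`) for the two public principals. It assumes the principals appear in the `specialGroup` or `iamMember` field of an access entry; the project, dataset and group names in the sample are constructed.

```python
import json

# Principals the remediation guideline says to avoid.
PUBLIC_PRINCIPALS = {"allAuthenticatedUsers", "allUsers"}
# Assumption: access-entry fields in which those principals can appear.
PRINCIPAL_FIELDS = ("specialGroup", "iamMember")


def public_access_entries(dataset: dict) -> list[dict]:
    """Return every access entry that grants a role to a public principal."""
    findings = []
    for entry in dataset.get("access", []):
        for field in PRINCIPAL_FIELDS:
            if entry.get(field) in PUBLIC_PRINCIPALS:
                findings.append({
                    "role": entry.get("role"),  # e.g. READER, WRITER, OWNER
                    "field": field,
                    "principal": entry[field],
                })
    return findings


# Constructed sample of dataset metadata; not taken from a real project.
SAMPLE_DATASET = json.loads("""
{
  "datasetReference": {"projectId": "example-project", "datasetId": "sales_reporting"},
  "access": [
    {"role": "OWNER",  "specialGroup": "projectOwners"},
    {"role": "READER", "groupByEmail": "analysts@example.com"},
    {"role": "READER", "specialGroup": "allAuthenticatedUsers"},
    {"role": "READER", "iamMember": "allUsers"}
  ]
}
""")

if __name__ == "__main__":
    ref = SAMPLE_DATASET["datasetReference"]
    for f in public_access_entries(SAMPLE_DATASET):
        print(f"{ref['projectId']}:{ref['datasetId']} grants {f['role']} "
              f"to {f['principal']} via {f['field']}")
```
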