Defining a GCP BigQuery dataset as publicly accessible can lead to data exposure

Severity	Exploitability	Providers	Categories
CRITICAL	HIGH	Google Cloud Provider	DATA, PERMISSION

Description

GCP BigQuery is a managed data warehousing solution. Most of the data stored in BigQuery are accessible in tables. When defining a dataset, access roles and groups can be specified. If the "allAuthenticatedUsers" special group is used, all GCP users can access the data stored in the concerned BigQuery dataset.

Impact

Potential data exposure	Visible in logs	User interaction required	Privileges required
True	True	False	False

• Data exposure
• Data loss

Remediation guidelines

Avoid using the special groups 'allAuthenticatedUsers' and 'allUsers',prefer specifying precise groups within the targeted organization.

References

• Google Cloud Documentation - Access to datasets
• Terraform Google BigQuery module documentation
• Google Cloud Documentation - BigQuery Dataset IAM

Was this page helpful?