Vendor services misconfigurations

Cloud function with public invoker privileges

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), CCM-CSA, CCPA, cis_8, CPRA, essential_8_au, GDPR, HITRUST, ISO 27701, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, Orca Best Practices, PDPA, pipeda, UK Cyber Essentials

Description

GCP cloud function {GcpCloudFunction} was detected running with public invoker privileges, allowing any user on the internet to invoke the function.