Vendor services misconfigurations

Cloud function with policy members ‘all authenticated users’

Risk Level

Hazardous (3)



GCP cloud function {GcpCloudFunction} was detected running with policy bindings with 'allAuthenticatedUsers' in Members, allowing access to all authenticated users with a Google account.
  • Recommended Mitigation

    Restrict the authenticated access to the GCP cloud function to authorized users only.