Vendor services misconfigurations

Cloud function with public admin privileges

Risk Level

Hazardous (3)



GCP cloud function {GcpCloudFunction} was detected running with public admin privileges, allowing any user on the internet to create, update, delete, set IAM policies and view source code for this function.
  • Recommended Mitigation

    Restrict the permitted roles or restrict this behavior to specific and authorized users only