Vendor services misconfigurations

Cloud function with public invoker privileges

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

GCP cloud function {GcpCloudFunction} was detected running with public invoker privileges, allowing any user on the internet to invoke the function.
  • Recommended Mitigation

    Restrict the permitted roles or restrict this behavior to specific and authorized users. ## Remediation --- >1. Sign in to the GCP Console and go to the **[Cloud Functions](https://console.cloud.google.com/functions)** page. >2. Select the desired function by clicking on its name. >3. Choose **Permissions** tab. >4. Check the box of the desired **Cloud Functions Invoker** role for **allUsers** principal. >5. Choose **Remove**. >6. In the confirmation dialog box, choose **CONFIRM**.