[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":17,"vulnerability-23666":24},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},["Island",18],{"key":19,"params":20,"result":22},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":21},"{\"text-color\":\"gray\"}",{"head":23},{},{"id":25,"detectable_with":26,"vuln_details":31,"vuln_id":45,"name":46,"published":47,"updated":47},23666,{"tool":27,"engine":30},{"id":28,"name":29},2,"Cloud Scanner",null,{"id":25,"codename":30,"description":32,"severity":33,"risk_description":34,"public_description":35,"public_recommendation":36,"recommendation":37,"references":38,"cvssv3":30,"epss_score":30,"epss_percentile":30,"cve":30,"in_cisa_catalog":41,"date":30,"software_type":42,"vendor":43,"product":44,"ptt_exploit_capabilities":30},"Access control over a Google Cloud Storage bucket can be of two types:\n\n- uniform: access to all objects in the bucket is the same and is granted only through bucket-level Identity and Access Management (IAM) permissions, or\n- fine-grained: principals may have different permissions on different objects, specified through object Access Control Lists (ACLs) in addition to the bucket-level IAM policy.\n\nThe bucket ACL specifies which entities have access to the bucket and with what permissions, depending on the role (READER, WRITER or OWNER).\n\nTo standardize and streamline the process of granting access to Google Cloud Storage resources, it is advised to use uniform bucket-level access. It also makes other security features available, such as IAM Conditions, which cannot be used on buckets that still rely on ACLs.","low","Enabling uniform bucket-level access guarantees that if a Google Cloud Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either. With fine-grained access, a single object ACL entry for allUsers or allAuthenticatedUsers exposes that object even when the bucket IAM policy grants nothing to the public, and such entries are easy to miss because they are evaluated per object.","Access control over a Google Cloud Storage bucket can be of two types:\n\n- uniform: access to all objects in the bucket is the same and is granted only through bucket-level Identity and Access Management (IAM) permissions, or\n- fine-grained: principals may have different permissions on different objects, specified through object Access Control Lists (ACLs) in addition to the bucket-level IAM policy.\n\nThe bucket ACL specifies which entities have access to the bucket and with what permissions, depending on the role (READER, WRITER or OWNER).\n\nTo standardize and streamline the process of granting access to Google Cloud Storage resources, it is advised to use uniform bucket-level access. It also makes other security features available, such as IAM Conditions, which cannot be used on buckets that still rely on ACLs.","Ensure that all Google Cloud Storage buckets have uniform bucket-level access enabled, unless per-object access really is required. Otherwise, review the bucket and object ACL entries, remove those that are not strictly necessary (in particular entries for the allUsers and allAuthenticatedUsers entities), and remove the storage.buckets.getIamPolicy permission from public principals so that the access policy cannot be enumerated anonymously.\n\nNotes:\n\n- Users whose access is granted solely by object ACLs will lose that access once uniform bucket-level access is enabled, so verify that no object ACLs are relied upon before switching.\n- When uniform bucket-level access is enabled for Cloud Storage buckets, some Google Cloud Platform (GCP) services, including Cloud Audit Logs and Datastore, cannot export to those buckets.\n- After switching to uniform bucket-level access, you have 90 consecutive days to revert to fine-grained access (ACLs); after that the change is permanent.","We recommend ensuring that all Google Cloud Storage buckets have uniform bucket-level access enabled, unless per-object access really is required. Otherwise, review the bucket and object ACL entries, remove those that are not strictly necessary (in particular entries for the allUsers and allAuthenticatedUsers entities), and remove the storage.buckets.getIamPolicy permission from public principals so that the access policy cannot be enumerated anonymously.\n\nNotes:\n\n- Users whose access is granted solely by object ACLs will lose that access once uniform bucket-level access is enabled, so verify that no object ACLs are relied upon before switching.\n- When uniform bucket-level access is enabled for Cloud Storage buckets, some Google Cloud Platform (GCP) services, including Cloud Audit Logs and Datastore, cannot export to those buckets.\n- After switching to uniform bucket-level access, you have 90 consecutive days to revert to fine-grained access (ACLs); after that the change is permanent.",[39,40],"https://cloud.google.com/storage/docs/access-control/lists","https://cloud.google.com/storage/docs/uniform-bucket-level-access",false,"Cloud Storage","Google","Google Cloud Storage","CLOUDSCAN-02-0000014","Access Control List (ACL) detection on Google Cloud Storage buckets","2023-06-01T00:00:00Z"]
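The check the advisory describes, as an added example that is not part of the original page or of the scanner it describes: given bucket resources in the shape returned by the Cloud Storage JSON API (GET https://storage.googleapis.com/storage/v1/b/BUCKET?projection=full), it reports whether uniform bucket-level access is on (iamConfiguration.uniformBucketLevelAccess.enabled), flags bucket and default-object ACL entries for allUsers or allAuthenticatedUsers, and, for uniform buckets, computes how many days of the 90-day revert window remain from lockedTime. The sample bucket documents are constructed for illustration; the remediation string uses the gcloud storage --uniform-bucket-level-access flag.

```python
"""Classify Google Cloud Storage buckets by access-control mode and public ACL exposure.

Added example (not part of the original advisory). Input is the bucket resource as
returned by the Cloud Storage JSON API with projection=full. The sample buckets
at the bottom are constructed for illustration only.
"""
from __future__ import annotations

import json
from datetime import datetime, timedelta, timezone
from typing import Optional

# ACL entities that grant access to everyone (anonymously, or to any Google account).
PUBLIC_ENTITIES = {"allUsers", "allAuthenticatedUsers"}

# Uniform bucket-level access can be reverted for 90 consecutive days after enabling;
# the API exposes the end of that window as iamConfiguration.uniformBucketLevelAccess.lockedTime.
REVERT_WINDOW = timedelta(days=90)

REMEDIATION = "gcloud storage buckets update gs://{name} --uniform-bucket-level-access"


def uniform_access_enabled(bucket: dict) -> bool:
    """True when iamConfiguration.uniformBucketLevelAccess.enabled is set on the bucket."""
    ubla = bucket.get("iamConfiguration", {}).get("uniformBucketLevelAccess", {})
    return bool(ubla.get("enabled", False))


def public_acl_entries(bucket: dict) -> list:
    """ACL entries on the bucket and in its default object ACL that target public entities.

    On a fine-grained bucket 'acl' governs the bucket itself (listing, metadata) and
    'defaultObjectAcl' is stamped onto every newly uploaded object, so both matter.
    """
    findings = []
    for scope in ("acl", "defaultObjectAcl"):
        for entry in bucket.get(scope, []):
            if entry.get("entity") in PUBLIC_ENTITIES:
                findings.append({"scope": scope, "entity": entry["entity"], "role": entry.get("role")})
    return findings


def revert_deadline(bucket: dict) -> Optional[datetime]:
    """Parse lockedTime (RFC 3339) if present; None for fine-grained buckets."""
    ubla = bucket.get("iamConfiguration", {}).get("uniformBucketLevelAccess", {})
    locked = ubla.get("lockedTime")
    if not locked:
        return None
    return datetime.fromisoformat(locked.replace("Z", "+00:00"))


def assess_bucket(bucket: dict, now: Optional[datetime] = None) -> dict:
    """Return one finding record. status is one of:
      'uniform'      - uniform bucket-level access on; object ACLs cannot apply
      'fine-grained' - ACLs in force, but no public ACL entries found
      'public-acl'   - ACLs in force and at least one entry targets a public entity
    """
    now = now or datetime.now(timezone.utc)
    name = bucket.get("name", "<unnamed>")
    result = {"bucket": name, "uniform": uniform_access_enabled(bucket),
              "public_entries": [], "revert_days_left": None, "remediation": None}
    if result["uniform"]:
        result["status"] = "uniform"
        deadline = revert_deadline(bucket)
        if deadline is not None:
            result["revert_days_left"] = max(0, (deadline - now).days)
        return result
    result["public_entries"] = public_acl_entries(bucket)
    result["status"] = "public-acl" if result["public_entries"] else "fine-grained"
    result["remediation"] = REMEDIATION.format(name=name)
    return result


def assess_all(buckets: list, now: Optional[datetime] = None) -> list:
    return [assess_bucket(b, now) for b in buckets]


# Constructed sample input: two bucket resources in JSON API shape (not real buckets).
SAMPLE_BUCKETS = json.loads(r"""
[
  {
    "name": "example-static-site",
    "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": false}},
    "acl": [
      {"entity": "project-owners-123456789012", "role": "OWNER"},
      {"entity": "allUsers", "role": "READER"}
    ],
    "defaultObjectAcl": [
      {"entity": "allUsers", "role": "READER"}
    ]
  },
  {
    "name": "example-backups",
    "iamConfiguration": {
      "uniformBucketLevelAccess": {"enabled": true, "lockedTime": "2023-08-30T00:00:00.000Z"}
    }
  }
]
""")

if __name__ == "__main__":
    for finding in assess_all(SAMPLE_BUCKETS):
        print(json.dumps(finding, indent=2))
```

The acl and defaultObjectAcl fields are only returned to callers with OWNER on the bucket and are absent on uniform buckets, so an empty list for a fine-grained bucket may mean insufficient privilege rather than a clean ACL; treat the 'fine-grained' status as "review manually", not as a pass.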