admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-08 11:43:17 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ba03e54063a94de8155adf476dc07e5b39bca341
nuclei-templates/cloud/gcp/compute/gcloud-disk-image-public-access.yaml
Prince Chaddha ea7a5969c8 Revert "chore: update TemplateMan 🤖" 
This reverts commit c31d574176.
2025-05-27 10:39:47 +08:00

74 lines
2.4 KiB
YAML
Raw Blame History

id: gcloud-disk-image-public-access
info:
name: Disk Images Publicly Shared
author: princechaddha
severity: medium
description: |
Ensure that your virtual machine disk images are not publicly shared with all other Google Cloud Platform (GCP) accounts in order to avoid exposing sensitive or confidential data. If required, you can share your disk images with specific GCP accounts only, without making them public.
impact: |
Publicly shared disk images can expose sensitive application data and configurations to anyone with a Google Cloud account, potentially leading to security breaches.
remediation: |
Remove the "allAuthenticatedUsers" member from the IAM policy of affected disk images using the 'gcloud compute images remove-iam-policy-binding' command or through the Google Cloud Console.
reference:
- https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/publicly-shared-disk-images.html
- https://cloud.google.com/compute/docs/images/managing-access-custom-images
tags: cloud,devops,gcp,gcloud,compute,security,storage,disk-images,gcp-cloud-config
flow: |
code(1)
for(let projectId of iterate(template.projectIds)){
set("projectId", projectId)
code(2)
for(let image of iterate(template.images)){
image = JSON.parse(image)
set("imageName", image.name)
code(3)
}
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
gcloud projects list --format="json(projectId)"
extractors:
- type: json
name: projectIds
internal: true
json:
- '.[].projectId'
- engine:
- sh
- bash
source: |
gcloud compute images list --project $projectId --no-standard-images --format="json(name)"
extractors:
- type: json
name: images
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
gcloud compute images get-iam-policy $imageName --project $projectId --format="json(bindings[].members[])"
matchers:
- type: word
words:
- '"allAuthenticatedUsers"'
extractors:
- type: dsl
dsl:
- '"Disk image " + imageName + " in project " + projectId + " is publicly shared with all Google Cloud users"'
# digest: 4a0a0047304502204f5fe6175038d8ae8f9ca04d4526a5b544ff323d1f60083d6a23c8369645a21502210097538dc98d9dc851d60cbc0f2f4c5987dcbb2d045ee56f3af740f364acc6ccc7:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink