Disk Images Publicly Shared
ID: gcloud-disk-image-public-access
Severity: medium
Author: princechaddha
Tags: cloud,devops,gcp,gcloud,compute,security,storage,disk-images,gcp-cloud-config
Description
Ensure that your virtual machine disk images are not publicly shared with all other Google Cloud Platform (GCP) accounts in order to avoid exposing sensitive or confidential data. If required, you can share your disk images with specific GCP accounts only, without making them public.
YAML Source
```yaml
id: gcloud-disk-image-public-access

info:
  name: Disk Images Publicly Shared
  author: princechaddha
  severity: medium
  description: |
    Ensure that your virtual machine disk images are not publicly shared with all other Google Cloud Platform (GCP) accounts in order to avoid exposing sensitive or confidential data. If required, you can share your disk images with specific GCP accounts only, without making them public.
  impact: |
    Publicly shared disk images can expose sensitive application data and configurations to anyone with a Google Cloud account, potentially leading to security breaches.
  remediation: |
    Remove the "allAuthenticatedUsers" member from the IAM policy of affected disk images using the 'gcloud compute images remove-iam-policy-binding' command or through the Google Cloud Console.
  reference:
    - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/publicly-shared-disk-images.html
    - https://cloud.google.com/compute/docs/images/managing-access-custom-images
  tags: cloud,devops,gcp,gcloud,compute,security,storage,disk-images,gcp-cloud-config

flow: |
  code(1)
  for(let projectId of iterate(template.projectIds)){
    set("projectId", projectId)
    code(2)
    for(let image of iterate(template.images)){
      image = JSON.parse(image)
      set("imageName", image.name)
      code(3)
    }
  }

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      gcloud projects list --format="json(projectId)"

    extractors:
      - type: json
        name: projectIds
        internal: true
        json:
          - '.[].projectId'

  - engine:
      - sh
      - bash
    source: |
      gcloud compute images list --project $projectId --no-standard-images --format="json(name)"

    extractors:
      - type: json
        name: images
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      gcloud compute images get-iam-policy $imageName --project $projectId --format="json(bindings[].members[])"

    matchers:
      - type: word
        words:
          - '"allAuthenticatedUsers"'

    extractors:
      - type: dsl
        dsl:
          - '"Disk image " + imageName + " in project " + projectId + " is publicly shared with all Google Cloud users"'
# digest: 4a0a0047304502204f5fe6175038d8ae8f9ca04d4526a5b544ff323d1f60083d6a23c8369645a21502210097538dc98d9dc851d60cbc0f2f4c5987dcbb2d045ee56f3af740f364acc6ccc7:922c64590222798bb761d5b6d8e72950
```

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "cloud/gcp/compute/gcloud-disk-image-public-access.yaml"
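The template's flow runs three gcloud steps and flags any image whose IAM bindings contain allAuthenticatedUsers. The Python below is an added example, not part of the template or of Nuclei: it applies the same check to constructed get-iam-policy JSON (the project and image names are hypothetical) and also emits the remove-iam-policy-binding command named in the remediation field. It goes one step beyond the template by treating allUsers as a public principal too.

```python
# Public IAM principals: the template matches "allAuthenticatedUsers" (every Google
# account); "allUsers" (anyone, no login) is added here as it is at least as exposing.
PUBLIC_MEMBERS = {"allAuthenticatedUsers", "allUsers"}


def public_bindings(policy):
    """Return [(role, member)] for each public principal in an IAM policy dict, as
    produced by `gcloud compute images get-iam-policy IMAGE --format=json`."""
    hits = []
    for binding in policy.get("bindings", []):  # no key => no custom grants
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                hits.append((binding.get("role", "<unknown-role>"), member))
    return hits


def audit_images(project_id, images):
    """Mirror the template's step 3 over every image of one project. `images` maps
    image name -> policy dict. Each finding carries the template's DSL message and
    the remove-iam-policy-binding command that undoes the offending grant."""
    findings = []
    for name, policy in images.items():
        for role, member in public_bindings(policy):
            findings.append({
                "project": project_id, "image": name, "role": role, "member": member,
                "message": (f"Disk image {name} in project {project_id} "
                            "is publicly shared with all Google Cloud users"),
                "remediation": (f"gcloud compute images remove-iam-policy-binding {name} "
                                f"--project {project_id} --member={member} --role={role}"),
            })
    return findings


# Constructed sample data: a hypothetical project with three custom images, shaped
# like real get-iam-policy output (etags shortened).
SAMPLE_PROJECT = "example-project"
SAMPLE_POLICIES = {
    "golden-web-2024": {"version": 1, "etag": "BwX0", "bindings": [
        {"role": "roles/compute.imageUser",
         "members": ["allAuthenticatedUsers",
                     "serviceAccount:ci@example-project.iam.gserviceaccount.com"]}]},
    "db-snapshot-base": {"version": 1, "etag": "BwX1", "bindings": [
        {"role": "roles/compute.imageUser", "members": ["group:platform@example.com"]}]},
    "scratch-image": {"version": 1, "etag": "BwX2"},
}

if __name__ == "__main__":
    for finding in audit_images(SAMPLE_PROJECT, SAMPLE_POLICIES):
        print(finding["message"])
        print("  remediation:", finding["remediation"])
```

Only the first image is reported; the image with no bindings key exercises the template's implicit "no custom grants" case, which the word matcher would also pass over.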