Ensure that your virtual machine disk images are not publicly shared with all other Google Cloud Platform (GCP) accounts in order to avoid exposing sensitive or confidential data. If required, you can share your disk images with specific GCP accounts only, without making them public.
You can share your virtual machine (VM) disk images with all authenticated Google Cloud users using the "allAuthenticatedUsers" member, regardless of whether they are part of your GCP organization or project. The "allAuthenticatedUsers" is a special member identifier that represents any user or service account that can sign in to Google Cloud Platform with a Google account. When you make your VM disk images public, these become publicly shared and everyone with a Google Cloud account can use them to create virtual machine instances. Most of the time the VM disk images will contain snapshots of your applications (including their data), therefore exposing your application content in this manner is not advised.
To identify any publicly shared disk images within your Google Cloud account, perform the following actions:
Remediation / Resolution
Misconfigured access permissions is a common security vulnerability that involves Google Cloud VM resources. Granting access permissions to "allAuthenticatedUsers" members can allow anyone with a Google account to access your disk images. To revoke access to your publicly shared virtual machine disk images by removing the "allAuthenticatedUsers" member binding from the associated policy, perform the following actions:
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
Get started for FREE
You are auditing:
Check for Publicly Shared Disk Images
Risk level: Medium