gcloud-public-access-prevention-not-enabled: Enforce Public Access Prevention for Cloud Storage Buckets

Date: 2025-08-01 | Affected software: gcloud public access prevention not enabled | PoC: public

Vulnerability description

Ensure that the Public Access Prevention feature is enabled for your Google Cloud Storage buckets to restrict public access and protect sensitive data from accidental or malicious exposure.

PoC code [public]

id: gcloud-public-access-prevention-not-enabled

info:
  name: Enforce Public Access Prevention for Cloud Storage Buckets
  author: princechaddha
  severity: high
  description: |
    Ensure that the Public Access Prevention feature is enabled for your Google Cloud Storage buckets to restrict public access and protect sensitive data from accidental or malicious exposure.
  impact: |
    Without Public Access Prevention, sensitive data stored in your Cloud Storage buckets may be publicly accessible, leading to potential data breaches.
  remediation: |
    Enable the Public Access Prevention feature for your Cloud Storage buckets to restrict public access and secure your data.
  reference:
    - https://cloud.google.com/storage/docs/public-access-prevention
  tags: cloud,devops,gcp,gcloud,google-cloud-storage,security,public-access-prevention,gcp-cloud-config

flow: |
  code(1)
  for(let projectId of iterate(template.projectIds)){
    set("projectId", projectId)
    code(2)
    for(let bucketName of iterate(template.buckets)){
      set("bucketName", bucketName)
      code(3)
    }
  }

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      gcloud projects list --format="json(projectId)"

    extractors:
      - type: json
        name: projectIds
        internal: true
        json:
          - ".[].projectId"

  - engine:
      - sh
      - bash
    source: |
      gcloud storage buckets list --project $projectId --format="json(name)"

    extractors:
      - type: json
        name: buckets
        internal: true
        json:
          - ".[].name"

  - engine:
      - sh
      - bash
    source: |
      gcloud storage buckets describe gs://$bucketName --format="json(public_access_prevention)" | jq -r '. // "null"'

    matchers:
      - type: word
        negative: true
        words:
          - "inherited"
          - "enforced"

    extractors:
      - type: dsl
        dsl:
          - '"Public Access Prevention is not enabled for the bucket " + bucketName + " in project " + projectId'
# digest: 4a0a00473045022100f5da0436a6b329b1bc22187624b39ca6eb16b8b7b500bad99158786c701d90c502200188b5517fb363ee7790049fc05f8d63ae6d8a23dc1763481b8bc1bc1333d301:922c64590222798bb761d5b6d8e72950
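The third step of the template raises a finding whenever the `gcloud storage buckets describe` output contains neither "enforced" nor "inherited". The following Python script is an added example, not part of the template or of the Nuclei project: it parses constructed sample outputs shaped like that command's JSON, replicates the template's negative word matcher, and additionally resolves the "inherited" case, which protects the bucket only if the organization policy constraint `constraints/storage.publicAccessPrevention` is enforced above it. The bucket names and the `org_policy_enforces` flag are assumptions; in practice the flag would come from a separate org-policy lookup.

```python
import json

# Constructed sample outputs, shaped like what
#   gcloud storage buckets describe gs://<name> --format="json(public_access_prevention)"
# prints per bucket in the template's third step. Bucket names are invented.
SAMPLE_DESCRIBE_OUTPUT = {
    "prod-logs":   '{"public_access_prevention": "enforced"}',
    "web-assets":  '{"public_access_prevention": "inherited"}',
    "legacy-dump": '{}',    # field absent: nothing reported for the bucket
    "odd-bucket":  'null',  # what the template's `jq -r '. // "null"'` yields on empty input
}


def pap_setting(raw):
    """Return the bucket's public_access_prevention value, or 'unset' if absent/unparseable."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        return "unset"
    if not isinstance(doc, dict):
        return "unset"
    value = doc.get("public_access_prevention")
    return value if value in ("enforced", "inherited") else "unset"


def template_matches(raw):
    """Replicate the template's negative word matcher: a finding is raised
    when neither 'inherited' nor 'enforced' appears in the command output."""
    return "inherited" not in raw and "enforced" not in raw


def effectively_protected(setting, org_policy_enforces):
    """'enforced' always protects; 'inherited' protects only when the org policy
    constraints/storage.publicAccessPrevention is enforced on a parent resource."""
    if setting == "enforced":
        return True
    if setting == "inherited":
        return org_policy_enforces
    return False


def find_template_findings(outputs):
    """Bucket names the template itself would report."""
    return sorted(name for name, raw in outputs.items() if template_matches(raw))


def find_unprotected(outputs, org_policy_enforces=False):
    """Bucket names with no effective public access prevention, taking the
    (assumed, separately obtained) org-policy state into account."""
    return sorted(
        name for name, raw in outputs.items()
        if not effectively_protected(pap_setting(raw), org_policy_enforces)
    )


if __name__ == "__main__":
    print("template findings:", find_template_findings(SAMPLE_DESCRIBE_OUTPUT))
    print("unprotected, no org policy:", find_unprotected(SAMPLE_DESCRIBE_OUTPUT))
    print("unprotected, org policy enforced:", find_unprotected(SAMPLE_DESCRIBE_OUTPUT, True))
```

The difference between `find_template_findings` and `find_unprotected` shows the caveat worth keeping in mind when triaging this template's output: a bucket reporting "inherited" is skipped by the matcher, but it is only actually protected when the organization policy above it enforces public access prevention.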