github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/google/iam/AVD-GCP-0009/docs.md

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/google/iam/AVD-GCP-0009/docs.md (about)

     1  
     2  Users with service account access at organization level can impersonate any service account. Instead, they should be given access to particular service accounts as required.
     3  
     4  ### Impact
     5  Privilege escalation, impersonation of any/all services
     6  
     7  <!-- DO NOT CHANGE -->
     8  {{ remediationActions }}
     9  
    10  ### Links
    11  - https://cloud.google.com/iam/docs/impersonating-service-accounts
    12  
    13