VDB
GCVE-110-CLOUD-2020-0004
GCVE-110-CLOUD-2020-0004
Advisory Published
Composer, Dataflow, Dataproc, Dataprep and Data Fusion all used the Compute Engine
default service account by default and relied on product-level IAM permissions
without requiring the iam.serviceAccount.actAs permission, meaning that users of
these services could elevate their privileges. Following disclosure, GCP changed
these services to require this permission.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GCP | Dataflow | — | — |
| GCP | Compute Engine | — | — |
| GCP | Composer, Dataflow, Dataproc, Dataprep, Data Fusion | — | — |
| GCP | Cloud Services | — | — |
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.