When the compute API is enabled on a GCP Project, the default compute account
is created. This account gets the primitive role Editor assigned by default, which
allows for a wide variety of privilege excalation and resource abuse in the project.
Especially, all new VMs created inherit this permissions by default. This issue
is arguably a technical decision by GCP, but the documents advise customers to
Remove these permissions, it can be done via an organization policy
No tracked CVEs