A critical vulnerability is easily discoverable
by an external actor, exploitable, and results
in the direct ability to execute arbitrary code,
exfiltrate data, and otherwise gain additional
access and privileges to cloud resources and
workloads. Examples include publicly accessible
unprotected user data and public SSH access with
weak or no passwords.
Threat:
Indicates a threat that is able to access,
modify, or delete data or execute unauthorized
code within existing resources.
HIGH (2):
Vulnerability:
A high risk vulnerability can be easily
discovered and exploited in combination with
other vulnerabilities in order to gain direct
access and the ability to execute arbitrary
code, exfiltrate data, and otherwise gain
additional access and privileges to cloud
resources and workloads. An example is a
database with weak or no passwords that is only
accessible internally. This database could
easily be compromised by an actor that had
access to the internal network.
Threat:
Indicates a threat that is able to create new
computational resources in an environment but
not able to access data or execute code in
existing resources.
MEDIUM (3):
Vulnerability:
A medium risk vulnerability could be used by an
actor to gain access to resources or privileges
that enable them to eventually (through multiple
steps or a complex exploit) gain access and the
ability to execute arbitrary code or exfiltrate
data. An example is a service account with
access to more projects than it should have. If
an actor gains access to the service account,
they could potentially use that access to
manipulate a project the service account was not
intended to.
Threat:
Indicates a threat that is able to cause
operational impact but may not access data or
execute unauthorized code.
LOW (4):
Vulnerability:
A low risk vulnerability hampers a security
organization's ability to detect vulnerabilities
or active threats in their deployment, or
prevents the root cause investigation of
security issues. An example is monitoring and
logs being disabled for resource configurations
and access.
Threat:
Indicates a threat that has obtained minimal
access to an environment but is not able to
access data, execute code, or create resources.
Enums
Name
Description
SEVERITY_UNSPECIFIED
This value is used for findings when a source doesn't write a severity value.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-09 UTC."],[],[],null,["# Class Severity (1.39.0)\n\nVersion latestkeyboard_arrow_down\n\n- [1.39.0 (latest)](/python/docs/reference/securitycenter/latest/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.38.0](/python/docs/reference/securitycenter/1.38.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.37.0](/python/docs/reference/securitycenter/1.37.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.36.0](/python/docs/reference/securitycenter/1.36.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.35.1](/python/docs/reference/securitycenter/1.35.1/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.33.1](/python/docs/reference/securitycenter/1.33.1/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.32.1](/python/docs/reference/securitycenter/1.32.1/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.31.0](/python/docs/reference/securitycenter/1.31.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.30.1](/python/docs/reference/securitycenter/1.30.1/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.29.0](/python/docs/reference/securitycenter/1.29.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.28.0](/python/docs/reference/securitycenter/1.28.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.27.0](/python/docs/reference/securitycenter/1.27.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.26.1](/python/docs/reference/securitycenter/1.26.1/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.25.0](/python/docs/reference/securitycenter/1.25.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.24.1](/python/docs/reference/securitycenter/1.24.1/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.23.2](/python/docs/reference/securitycenter/1.23.2/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.22.0](/python/docs/reference/securitycenter/1.22.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.21.0](/python/docs/reference/securitycenter/1.21.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.20.0](/python/docs/reference/securitycenter/1.20.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.19.1](/python/docs/reference/securitycenter/1.19.1/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.18.2](/python/docs/reference/securitycenter/1.18.2/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.17.0](/python/docs/reference/securitycenter/1.17.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.16.2](/python/docs/reference/securitycenter/1.16.2/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.15.0](/python/docs/reference/securitycenter/1.15.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.14.0](/python/docs/reference/securitycenter/1.14.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.13.0](/python/docs/reference/securitycenter/1.13.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.12.0](/python/docs/reference/securitycenter/1.12.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.11.1](/python/docs/reference/securitycenter/1.11.1/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.10.0](/python/docs/reference/securitycenter/1.10.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.9.0](/python/docs/reference/securitycenter/1.9.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.8.0](/python/docs/reference/securitycenter/1.8.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.7.0](/python/docs/reference/securitycenter/1.7.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.6.0](/python/docs/reference/securitycenter/1.6.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.5.2](/python/docs/reference/securitycenter/1.5.2/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.4.0](/python/docs/reference/securitycenter/1.4.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.3.1](/python/docs/reference/securitycenter/1.3.1/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.2.0](/python/docs/reference/securitycenter/1.2.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.1.0](/python/docs/reference/securitycenter/1.1.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [1.0.0](/python/docs/reference/securitycenter/1.0.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [0.7.3](/python/docs/reference/securitycenter/0.7.3/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [0.6.0](/python/docs/reference/securitycenter/0.6.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [0.5.0](/python/docs/reference/securitycenter/0.5.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [0.4.0](/python/docs/reference/securitycenter/0.4.0/google.cloud.securitycenter_v1.types.Finding.Severity)\n- [0.3.0](/python/docs/reference/securitycenter/0.3.0/google.cloud.securitycenter_v1.types.Finding.Severity) \n\n Severity(value)\n\nThe severity of the finding. \n\n A critical vulnerability is easily discoverable\n by an external actor, exploitable, and results\n in the direct ability to execute arbitrary code,\n exfiltrate data, and otherwise gain additional\n access and privileges to cloud resources and\n workloads. Examples include publicly accessible\n unprotected user data and public SSH access with\n weak or no passwords.\n\n Threat:\n\n Indicates a threat that is able to access,\n modify, or delete data or execute unauthorized\n code within existing resources.\n HIGH (2):\n Vulnerability:\n\n A high risk vulnerability can be easily\n discovered and exploited in combination with\n other vulnerabilities in order to gain direct\n access and the ability to execute arbitrary\n code, exfiltrate data, and otherwise gain\n additional access and privileges to cloud\n resources and workloads. An example is a\n database with weak or no passwords that is only\n accessible internally. This database could\n easily be compromised by an actor that had\n access to the internal network.\n\n Threat:\n\n Indicates a threat that is able to create new\n computational resources in an environment but\n not able to access data or execute code in\n existing resources.\n MEDIUM (3):\n Vulnerability:\n\n A medium risk vulnerability could be used by an\n actor to gain access to resources or privileges\n that enable them to eventually (through multiple\n steps or a complex exploit) gain access and the\n ability to execute arbitrary code or exfiltrate\n data. An example is a service account with\n access to more projects than it should have. If\n an actor gains access to the service account,\n they could potentially use that access to\n manipulate a project the service account was not\n intended to.\n\n Threat:\n\n Indicates a threat that is able to cause\n operational impact but may not access data or\n execute unauthorized code.\n LOW (4):\n Vulnerability:\n\n A low risk vulnerability hampers a security\n organization's ability to detect vulnerabilities\n or active threats in their deployment, or\n prevents the root cause investigation of\n security issues. An example is monitoring and\n logs being disabled for resource configurations\n and access.\n\n Threat:\n\n Indicates a threat that has obtained minimal\n access to an environment but is not able to\n access data, execute code, or create resources."]]
