疑似Oday
Ensure that "Enable connecting to serial ports" configuration setting is disabled for all your production Google Compute Engine instances. The interactive serial console does not support IP-based access restrictions such as IP address whitelists. If enabled, clients can attempt to connect to your instance from any IP address if they know the username, SSH key, project ID, instance name and zone.
id: gcloud-vm-serial-console-enabled
info:
name: Interactive Serial Console Support Not Disabled
...