catalog logoThe IAM Privilege Catalog

services / Google Cloud / Google App Engine Applications

A Google App Engine Applications are serverless web applications hosted and fully managed by Google.

App Engine applications can be used for a broad range of organizational functions and may include publicly available web applications. Therefore, viewing and modifying application configuration has the potential to significantly disrupt organizational operations.

appengine.​applications.​get

Includes data discovery because it reveals Cloud Storage bucket names

Risks

  1. Data discovery (LOW)
  2. Infrastructure discovery (LOW)

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Links

  • https:​/​/​cloud.​google.​com/​appengine/​docs/​admin-​api/​access-​control#​roles
  • https:​/​/​cloud.​google.​com/​appengine/​docs/​admin-​api/​reference/​rest/​v1/​apps.​services

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog