catalog logoThe IAM Privilege Catalog

services / Google Cloud / Google App Engine Memcache

Memcache is a key-value store accessible to App Engine applications.

Memcache is not intended for persistent storage. Values can expire anytime, so users are recommended to only use memcache for values that the application can behave acceptably without. Examples of data commonly stored in memcache are session data and user preferences, as well as results of commonly used datastore queries. Scope is HIGH because this service may include sensitive customer data from cached datastore queries used by the application.

appengine.​memcache.​flush

This removes all key-value pairs from the cache, but it does not cause destruction since values may expire anytime and applications need to design around that. Repeated flushes may result in a DoS.

Risks

  1. Denial-of-service (HIGH)

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​cloud.​google.​com/​appengine/​docs/​admin-​api/​access-​control#​roles
  • https:​/​/​cloud.​google.​com/​appengine/​docs/​legacy/​standard/​python/​memcache/​using
  • https:​/​/​cloud.​google.​com/​appengine/​docs/​legacy/​standard/​python/​memcache

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog