catalog logoThe IAM Privilege Catalog

services / Google Cloud / Google App Engine version

A version is a specific set of source code and configuration files that are deployed to a service.

Resources for a version, including source code, must first be uploaded to a Cloud Storage bucket.

appengine.​versions.​get

Includes data discovery since it exposes names of Cloud Storage buckets, policy discovery since it includes VPC egress settings, and network discovery for network settings in the application environment..

Risks

  1. Data discovery (LOW)
  2. Infrastructure discovery (LOW)
  3. Network discovery (LOW)
  4. Policy discovery (LOW)

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Links

  • https:​/​/​cloud.​google.​com/​appengine/​docs/​admin-​api/​access-​control#​roles
  • https:​/​/​cloud.​google.​com/​appengine/​docs/​admin-​api/​reference/​rest/​v1/​apps.​services.​versions

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog