services / Google Cloud / Cloud Billing Accounts
A cloud billing account is used to define who pays for a given set of Google Cloud resources and APIs. It is connected to a Google payments profile through which costs are charged.
Removing or updating billing information may render billable Google services or APIs unavailable.
billing.accounts.move
Along with billing.accounts.removeFromOrganization, allows moving the account to a new organization. This could allow the new organization to use the account and existing payment info for billing.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploit can incur operational cost.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog