services / Google Cloud / Cloud Billing Accounts

A cloud billing account is used to define who pays for a given set of Google Cloud resources and APIs. It is connected to a Google payments profile through which costs are charged.

Removing or updating billing information may render billable Google services or APIs unavailable.


billing.accounts.updatePaymentInfo

An account must have at least one payment method at all times, so the only payment method cannot be removed. However, the payment method could be updated to a card that will be declined, causing a denial of service (DoS).

Risks

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploitation can incur operational cost.

Links

  • https://cloud.google.com/billing/docs/how-to/billing-access
  • https://cloud.google.com/billing/docs/reference/rest/v1/billingAccounts
  • https://cloud.google.com/billing/docs/how-to/custom-roles
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog