services / Google Cloud / Cloud functions
Cloud functions is a serverless computing service. Functions are triggered in response to events and the code runs in an environment fully managed by Google.
cloudfunctions.functions.get
Function metadata includes the following:
- labels and descriptions associated with the function
- build config (docker registry/repository, source code location, build-time env variables)
- service deployment config (memory info, env variables available during execution, network traffic settings: ingress for function, egress for VPC connector, secret volume and env variable configuration)
- configuration for events that trigger the function (service info for the service that triggers the info, filters on event fields)
- encryption key name
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.
Contributed by P0 Security