services / Google Cloud / Compute Engine addresses
Read and edit Compute Engine addresses
Allows discovering, reserving, and modifying IP addresses within Compute Engine. If IP ranges are narrowly constrained (e.g., from a /28 range), may allow an attacker to deny access to infrastructure.
compute.addresses.use
If used to attach a network address to an already compromised access, can allow lateral movement across a network.
Risks
Scope: LOW
This privilege allows access to data that are not meant to be public, but are otherwise not sensitive.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog