services / Google Cloud / Compute Engine addresses

Read and edit Compute Engine addresses

Allows discovering, reserving, and modifying IP addresses within Compute Engine. If IP ranges are narrowly constrained (e.g., from a /28 range), may allow an attacker to deny access to infrastructure.


compute.​addresses.​use

If used to attach a network address to an already compromised access, can allow lateral movement across a network.

Risks

Scope: LOW

This privilege allows access to data that are not meant to be public, but are otherwise not sensitive.

Links

  • https:​/​/​cloud.​google.​com/​compute/​docs/​ip-​addresses/​reserve-​static-​external-​ip-​address
  • https:​/​/​cloud.​google.​com/​compute/​docs/​ip-​addresses/​reserve-​static-​internal-​ip-​address
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog