catalog logoThe IAM Privilege Catalog

services / Google Cloud / Compute Engine backend services

Backend endpoints that may be referenced by load-balancer URL maps, or via Cloud CDN.

Used to serve dynamic content via a load balancer.

compute.​backendServices.​use

When combined with the ability to edit URL maps, allows an attacker to point a load-balancer URL to a backend service.

Risks

  1. Lateral movement (BOOST)

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​cloud.​google.​com/​load-​balancing/​docs/​backend-​service
  • https:​/​/​cloud.​google.​com/​compute/​docs/​reference/​rest/​v1/​backendServices
  • https:​/​/​cloud.​google.​com/​compute/​docs/​reference/​rest/​v1/​urlMaps/​insert

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog