catalog logoThe IAM Privilege Catalog

services / Google Cloud / Compute Engine disks

Read and edit Compute Engine disks and disk assignments.

Multiple organizational functions may often reside within Compute Engine.

compute.​disks.​use

Can allow data access if the attacker can attach the disk to an additionally compromised instance.

Risks

  1. Data destruction (CRITICAL)
  2. Automated data collection (BOOST)

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Links

  • https:​/​/​cloud.​google.​com/​compute/​docs/​disks/​persistent-​disks

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog