services / Google Cloud / Compute Engine forwarding rules
Manage layer 4 port forwarding rules within a Google Cloud load balancer.
Multiple organizational functions may often reside within Compute Engine. However, abuse of forwarding rules requires leveraging additional risks in VM / VPC configuration, such as sensitive data or access broadcast on open VPC ports.
compute.forwardingRules.pscCreate
Can be used to access Google managed services when a VM is already compromised.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog