catalog logoThe IAM Privilege Catalog

services / Google Cloud / Compute Engine global addresses

Manage global addresses used by cloud load balancers.

Limited attack compared to direct VM access; exploitation involves also exercising risks in load-balancer routing.

compute.​globalAddresses.​use

Requires an attacker to also be able to manipulate load-balancer routing rules to gain access to any network resource.

Risks

  1. Lateral movement (BOOST)

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​cloud.​google.​com/​compute/​docs/​ip-​addresses/​
  • https:​/​/​cloud.​google.​com/​load-​balancing/​docs/​choosing-​load-​balancer#​global-​regional
  • https:​/​/​cloud.​google.​com/​sdk/​gcloud/​reference/​compute/​addresses
  • https:​/​/​cloud.​google.​com/​compute/​docs/​reference/​rest/​v1/​globalAddresses

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog