services / Google Cloud / Compute Engine images

Manage disk images.

Multiple organizational functions may often reside within Compute Engine. Risks generally require exploiting multiple privileges.


compute.​images.​create

When combined with a compromised source, a compromised storage bucket, and a known encryption key, can allow an attacker to exfiltrate a disk image.

Risks

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​cloud.​google.​com/​compute/​docs/​images
  • https:​/​/​cloud.​google.​com/​sdk/​gcloud/​reference/​compute/​images
  • https:​/​/​cloud.​google.​com/​compute/​docs/​reference/​rest/​v1/​images
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog