services / Google Cloud / Compute Engine images
Manage disk images.
Multiple organizational functions may often reside within Compute Engine. Risks generally require exploiting multiple privileges.
compute.images.create
When combined with a compromised source, a compromised storage bucket, and a known encryption key, can allow an attacker to exfiltrate a disk image.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog