services / Google Cloud / Compute Engine images
Manage disk images.
Multiple organizational functions may often reside within Compute Engine. Risks generally require exploiting multiple privileges.
compute.images.get
The customer-managed key IDs configured for the image are returned by the API. No raw encryption keys are exposed.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog