catalog logoThe IAM Privilege Catalog

services / Google Cloud / Compute Engine images

Manage disk images.

Multiple organizational functions may often reside within Compute Engine. Risks generally require exploiting multiple privileges.

compute.​images.​useReadOnly

When combined with compute.instances.create, can allow access to image data.

Risks

  1. Data escalation (CRITICAL)

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​cloud.​google.​com/​compute/​docs/​images
  • https:​/​/​cloud.​google.​com/​sdk/​gcloud/​reference/​compute/​images
  • https:​/​/​cloud.​google.​com/​compute/​docs/​reference/​rest/​v1/​images

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog