services / Google Cloud / Compute Engine interconnect attachments
Interconnects provide connectivity between Compute Engine infrastructure and on-premises systems.
This privilege set may allow connection or disconnection of networks between multiple critical systems. To abuse creation of interconnects, multiple concurrent risks must be exploited, as abusing interconnects require access to a valid target on-premise facility, the ability to create interconnects, the ability to attach interconnects, and the ability to map interconnects to a compute router VLAN. The full set of privileges necessary to connect to a VLAN are: compute.interconnects.create, compute.interconnectAttachments.create, compute.interconnectAttachments.get, compute.routers.create, compute.routers.get, compute.routers.update.
compute.interconnectsAttachments.get
Exposes router IP addresses and VLAN tags.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security