Google Cloud / Compute Engine: virtual-private-cloud networks
Allows management of virtual-private-cloud networks (VPCs). A VPC is a logically isolated network that allows communication between instances within the network, isolates those instances from entities outside the network, and applies policy-based network controls both between instances within the network and between those instances and entities outside of it.
VPCs are generally highly sensitive. Altering or destroying a VPC can prevent instances from serving applications, processing data, and the like. Obtaining access to the VPC can allow access to the services of attached instances. Finally, altering a VPC can allow data to be extracted from an otherwise compromised instance.
compute.networks.updatePeering
Can be used to alter how routes are shared between peered VPCs, or to prevent IPv6 traffic between them.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its abuse can incur operational cost.
Contributed by P0 Security