catalog logoThe IAM Privilege Catalog

services / Google Cloud / Cloud DNS Managed Zone

A DNS zone hosted and managed by the Cloud DNS service.

Cloud DNS supports a variety of different public and private zones, including forwarding zones and peering zones.

dns.​managedZones.​update

Can change the forwarding config, peering config, or visibility in order to create a DOS. Can change the visibility of the zone to public. Can update metadata.

Risks

  1. Denial-of-service (HIGH)
  2. Defense destruction (EVASION)
  3. Metadata destruction (MEDIUM)
  4. Network discovery (LOW)

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploit can incur operational cost.

Links

  • https:​/​/​cloud.​google.​com/​dns/​docs/​access-​control
  • https:​/​/​cloud.​google.​com/​dns/​docs/​reference/​v1/​managedZones#​resource

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog