catalog logoThe IAM Privilege Catalog

services / Google Cloud / Response Policy Rule

A response policy rule contains a selector and optionally DNS records or configured behavior for answering DNS queries that match the selector.

dns.​responsePolicyRules.​update

A response policy rule can effectively be used by an attacker to redirect traffic on a domain within the VPC network the policy is attached to.

Risks

  1. Domain takeover (CRITICAL)
  2. Denial-of-service (HIGH)

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​cloud.​google.​com/​dns/​docs/​reference/​v1beta2/​responsePolicyRules
  • https:​/​/​cloud.​google.​com/​dns/​docs/​access-​control
  • https:​/​/​cloud.​google.​com/​dns/​docs/​zones/​manage-​response-​policies

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog