catalog logoThe IAM Privilege Catalog

services / Google Cloud / Firebase security rules publishing

Manage security rules releases, which define which security rules are live and used by security rules-enabled services.

firebaserules.​releases.​delete

If an attacker deletes a project's firestore security rules, it will reset the rules to a default which denies all requests, therefore making the app unusable.

Risks

  1. Policy destruction (CRITICAL)
  2. Denial-of-access (EVASION)

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​firebase.​google.​com/​docs/​rules

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog