services / Google Cloud / Firebase security rules publishing

Manage security rules sources. By themselves, these don't do anything, but when they are referenced by the current release, they are the active rules.

firebaserules.​rulesets.​delete

While an attacker cannot delete the currently used ruleset, they can delete older rulesets which may cause a loss of historical rules information.

Risks

1. Logs destruction (EVASION)

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.