services / Google Cloud / Identity Aware Proxy tunnel destination groups resource type.
Refers to a particular group of VMs in your project. VMs are collected in a list of either CIDRs or FQDNs.
IAP is used to control access to cloud services. Changes to IAP-related settings could remove access from mission-critical applications or grant an attacker access to sensitive resources.
iap.tunnelDestGroups.delete
Deletes an existing tunnel destination group. This could cause a denial of service (DoS) if the deleted item is used by other services, since they would no longer have access.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog