services / Google Cloud / Cloud Run Jobs

A Cloud Run job is used for running code that executes for a period of time and exits once complete. Jobs may be executed on a one-off basis, a recurring schedule, or as part of a workflow.

Cloud Run jobs may be used for important organizational tasks, such as processing sensitive data.


run.jobs.run

When combined with the create permission and iam.serviceAccounts.actAs on the Cloud Run service account, this permission carries a resource hijacking risk.

Risks

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
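To audit for the combination described above, the following added example (not part of the catalog or of any Google tooling) lists members whose bindings together grant the run, create and actAs permissions, and marks whether an IAM condition gates any of them. Assumptions: "create permission" is read as run.jobs.create, all roles, members and policies are constructed sample data in the shape of `get-iam-policy` JSON, and group membership, inherited folder or organization policy and deny policies are not evaluated.

```python
# Added example; every policy, role and member below is constructed.
REQUIRED = {"run.jobs.run", "run.jobs.create", "iam.serviceAccounts.actAs"}

# Constructed custom roles: role name -> includedPermissions.
R = "projects/example-proj/roles/"
ROLES = {
    R + "jobRunner": {"run.jobs.run", "run.jobs.get"},
    R + "jobAuthor": {"run.jobs.create"},
    R + "saUser": {"iam.serviceAccounts.actAs"},
}

# Constructed project-level policy (same shape as get-iam-policy JSON).
PROJECT_POLICY = {"bindings": [
    {"role": R + "jobRunner", "members": ["user:alice@example.com",
     "user:bob@example.com", "user:carol@example.com"]},
    {"role": R + "jobAuthor", "members": ["user:alice@example.com",
     "user:carol@example.com"]},
    {"role": R + "saUser", "members": ["user:carol@example.com"],
     "condition": {"title": "expires", "expression":
                   'request.time < timestamp("2030-01-01T00:00:00Z")'}},
]}
# Constructed policy attached to the job's service account itself.
SA_POLICY = {"bindings": [
    {"role": R + "saUser", "members": ["user:alice@example.com"]},
]}


def grants(policies, roles):
    """Map member -> {permission: True if every grant of it is conditional}."""
    out = {}
    for policy in policies:
        for b in policy.get("bindings", []):
            conditional = "condition" in b
            for member in b.get("members", []):
                held = out.setdefault(member, {})
                for perm in roles.get(b["role"], ()):
                    # An unconditional grant overrides any conditional one.
                    held[perm] = held.get(perm, True) and conditional
    return out


def hijack_candidates(project_policy, sa_policy, roles=ROLES):
    """Members holding all of REQUIRED, tagged by whether a condition gates it."""
    found = {}
    for member, held in grants([project_policy, sa_policy], roles).items():
        if REQUIRED.issubset(held):
            gated = any(held[p] for p in REQUIRED)
            found[member] = "conditional" if gated else "unconditional"
    return found
```

Members reported as "conditional" still need review, since the condition may hold at the time the job is created and run.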

Links

  • https://cloud.google.com/run/docs/resource-model
  • https://cloud.google.com/run/docs/managing/jobs
  • https://cloud.google.com/run/docs/reference/rest/v1/namespaces.jobs
  • https://cloud.google.com/run/docs/create-jobs
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog