catalog logoThe IAM Privilege Catalog

services / Google Cloud / Cloud Run Services

A Cloud Run service continuously runs code that responds to web requests or events. It will automatically scale the number of instances to match incoming requests.

Cloud Run services may be used to run core organizational infrastructure, such as web applications or REST APIs.

run.​services.​create

Allows creating and deploying a new service on Cloud Run. Also requires iam.serviceAccounts.actAs on the Cloud Run service account

Risks

  1. Resource hijacking (MEDIUM)
  2. Spend (MEDIUM)

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​cloud.​google.​com/​run/​docs/​resource-​model
  • https:​/​/​cloud.​google.​com/​run/​docs/​deploying
  • https:​/​/​cloud.​google.​com/​run/​docs/​managing/​services
  • https:​/​/​cloud.​google.​com/​run/​docs/​reference/​rest/​v1/​namespaces.​services

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog