services / Google Cloud / Secret Manager Versions

A version in Secret Manager contains the contents of a secret along with metadata about the version.

Secret manager is a highly sensitive service. Secrets may include API keys, encryption secret keys, login credentials, and other extremely sensitive data.

secretmanager.​versions.​enable

This can be used for a DOS by enabling a out-of-date or otherwise incorrect version of the secret.

Risks

1. Denial-of-service (HIGH)

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.