services / Google Cloud / Secret Manager Versions

A version in Secret Manager contains the contents of a secret along with metadata about the version.

Secret manager is a highly sensitive service. Secrets may include API keys, encryption secret keys, login credentials, and other extremely sensitive data.

secretmanager.​versions.​get

This includes account discovery because the names of secrets may expose accounts that the secrets are associated with.

Risks

1. Account discovery (LOW)
2. Infrastructure discovery (LOW)

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.