risks / Infrastructure discovery
Description
Allows an attacker to inventory infrastructure resources. May allow an attacker to focus attacks on specific resources. When component identifiers contain sensitive information (e.g. tenant identifiers), gives attackers access to this information.
Risk: LOW
This risk may assist in additional attacks, or gain access to confidential data that do not create organizational risk on their own.
Mitigations
- Avoid using sensitive component identifiers
Links
Affected Privileges
An attacker may be able to exploit this risk if they gain any of the following privileges:
Google Cloud Platform
Kubernetes
Google Workspace
© 2023–present P0 Security and contributors to the IAM Privilege Catalog