risks / Policy discovery
Description
Allows an attacker to read access-control policies. May allow an attacker to focus attacks on policy weak points (e.g. overprovisioned accounts, or unsecured infrastructure).
Risk: LOW
This risk may assist in additional attacks, or gain access to confidential data that do not create organizational risk on their own.
Mitigations
- Avoid overprovisioned entitlements
Links
Affected Privileges
An attacker may be able to exploit this risk if they gain any of the following privileges:
Google Cloud Platform
Kubernetes
© 2023–present P0 Security and contributors to the IAM Privilege Catalog