catalog logoThe IAM Privilege Catalog

services / Google Cloud / Google App Engine Applications

A Google App Engine Applications are serverless web applications hosted and fully managed by Google.

App Engine applications can be used for a broad range of organizational functions and may include publicly available web applications. Therefore, viewing and modifying application configuration has the potential to significantly disrupt organizational operations.

appengine.​applications.​update

Allows modification of app IAP settings (which controls app authentication). This can a create DOS if the IAP config is changed in a way that disallows access. Also allows disabling IAP, in which case App Engine will stop requiring authentication for all incoming requests. This allows the attacker to gain access to your web application. Also allows modification of SSL keys, including modification of private keys. This allows the attacker to decrypt customer traffic and potentially perform a man-in-the-middle attack. Does not allow deploying to the application.

Risks

  1. Policy destruction (CRITICAL)
  2. Denial-of-service (HIGH)
  3. Lateral movement (BOOST)
  4. Defense destruction (EVASION)
  5. Denial-of-access (EVASION)

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Links

  • https:​/​/​cloud.​google.​com/​appengine/​docs/​admin-​api/​access-​control#​roles
  • https:​/​/​cloud.​google.​com/​appengine/​docs/​admin-​api/​reference/​rest/​v1/​apps.​services
  • https:​/​/​cloud.​google.​com/​beyondcorp-​enterprise/​docs/​securing-​app-​engine

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog