services / Google Cloud / Google App Engine Instances

An instance is the compute unit that hosts a version of an App Engine service. An application runs on one or more instances; App Engine creates and deletes them according to load and routes requests among them.


appengine.instances.enableDebug

Enables debug mode on a flexible environment instance, which turns on SSH access to the VM that hosts it (`gcloud app instances enable-debug`, then `gcloud app instances ssh`); standard environment instances do not support this. Reaching the VM may require additional permissions depending on project and instance configuration, but once on it the user operates with the instance's service account (its access token is served by the metadata server) and can read the application's files, environment and memory, so the realistic outcomes are data exfiltration from the application, tampering with the content it serves, and escalation through that service account. Destruction risk is low: instances are short-lived (created and deleted according to demand) and hold no data intended to be persistent, though note that an instance in debug mode is removed from the health-checking pool while it continues to receive requests.
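The first question an operator asks about this permission is who in the project actually holds it, including through predefined and custom roles and conditional bindings. The script below is an added example for this catalog entry, not P0 Security's own tooling. It works on the JSON that `gcloud projects get-iam-policy PROJECT_ID --format=json` and `gcloud iam roles describe ROLE --format=json` return; the project name, principals, custom role name and the abbreviated role contents embedded here are a constructed sample, so fetch the real `includedPermissions` for every role in your policy rather than trusting this map.

```python
"""Find principals who can call appengine.instances.enableDebug in a project.

Added example for this catalog entry, not P0 Security's own tooling.
Inputs are gathered with gcloud:
  gcloud projects get-iam-policy PROJECT_ID --format=json
  gcloud iam roles describe ROLE --format=json   (once per role in the policy)
Everything embedded below (project, principals, custom role, role contents)
is a constructed sample; the role map is abbreviated for illustration.
"""
from collections import defaultdict

TARGET = "appengine.instances.enableDebug"

# Constructed, abbreviated sample of `includedPermissions` per role.
ROLE_PERMISSIONS = {
    "roles/owner": [
        "appengine.applications.update",
        "appengine.instances.delete",
        "appengine.instances.enableDebug",
        "appengine.instances.get",
        "appengine.instances.list",
    ],
    "roles/appengine.appAdmin": [
        "appengine.instances.delete",
        "appengine.instances.enableDebug",
        "appengine.instances.get",
        "appengine.instances.list",
        "appengine.versions.create",
    ],
    "roles/appengine.appViewer": [
        "appengine.instances.get",
        "appengine.instances.list",
    ],
    # Custom role (assumed name) that grants the permission directly.
    "projects/example-project/roles/instanceDebugger": [
        "appengine.instances.enableDebug",
        "appengine.instances.list",
    ],
}

# Constructed sample policy in the shape `gcloud projects get-iam-policy` returns.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/owner", "members": ["user:alice@example.com"]},
        {"role": "roles/appengine.appAdmin",
         "members": ["group:app-ops@example.com",
                     "serviceAccount:deployer@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/appengine.appViewer", "members": ["user:bob@example.com"]},
        {"role": "projects/example-project/roles/instanceDebugger",
         "members": ["user:carol@example.com"],
         "condition": {"title": "business-hours",
                       "expression": "request.time.getHours('UTC') < 18"}},
        # A role absent from the map: the audit must flag it, not ignore it.
        {"role": "roles/viewer", "members": ["user:dave@example.com"]},
    ]
}


def principals_with_permission(policy, role_permissions, permission=TARGET):
    """Return (grants, unresolved).

    grants maps each member to a list of (role, condition_title) pairs through
    which it holds `permission`; condition_title is None for an unconditional
    binding. unresolved is the set of roles in the policy that are missing from
    role_permissions, so a gap in the map is reported instead of being silently
    treated as "no access".
    """
    grants = defaultdict(list)
    unresolved = set()
    for binding in policy.get("bindings", []):
        role = binding["role"]
        if role not in role_permissions:
            unresolved.add(role)
            continue
        if permission not in role_permissions[role]:
            continue
        condition = (binding.get("condition") or {}).get("title")
        for member in binding.get("members", []):
            grants[member].append((role, condition))
    return dict(grants), unresolved


def report(policy, role_permissions, permission=TARGET):
    """Render the audit as one line per grant plus one per unresolved role."""
    grants, unresolved = principals_with_permission(policy, role_permissions, permission)
    lines = []
    for member in sorted(grants):
        for role, condition in grants[member]:
            suffix = f" (conditional: {condition})" if condition else ""
            lines.append(f"{member} can {permission} via {role}{suffix}")
    for role in sorted(unresolved):
        lines.append(f"UNRESOLVED: {role} is not in the role map; describe it and re-run")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_POLICY, ROLE_PERMISSIONS)))
```

Two limits to keep in mind when reading the output: a `group:` member is reported as one principal and is not expanded, and bindings inherited from the folder or organization are not in the project-level policy, so run the same check against those policies too. Conditional grants are listed with their condition title rather than dropped, since a time- or resource-scoped grant still lets the holder enable debug mode when the condition is met.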

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or be exploited for significant privilege escalation.

Links

  • https://cloud.google.com/appengine/docs/admin-api/access-control#roles
  • https://cloud.google.com/appengine/docs/legacy/standard/java/how-instances-are-managed
  • https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services.versions.instances
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog