catalog logoThe IAM Privilege Catalog

services / Google Cloud / App Engine operations

Operations represent long-running App Engine API calls. They are used for operations on applications, domainMappings, services, and versions.

The operation includes the data returned from the API call the operation is associated with. This means that viewing an operation includes access to view resource metadata, and would be the same risk as get and list on the resources.

appengine.​operations.​get

See applications.get, services.get, versions.get

Risks

  1. Data discovery (LOW)
  2. Infrastructure discovery (LOW)
  3. Network discovery (LOW)
  4. Policy discovery (LOW)

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploit can incur operational cost.

Links

  • https:​/​/​cloud.​google.​com/​appengine/​docs/​admin-​api/​access-​control#​roles
  • https:​/​/​cloud.​google.​com/​appengine/​docs/​admin-​api/​reference/​rest/​v1/​apps.​operations

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog