services / Google Cloud / Google App Engine services

A service is a logical component of an application that can share state and securely communicate with other services.

Application functionality relies on services: deleting or updating services can prevent normal application function.


Allows modifying network traffic settings. An attacker could divert traffic to invalid versions, creating a DOS. Defacement impact when combined with versions.create, since they could deploy a version and then divert traffic to it. Also allows modifying ingress traffic settings, which could either lead to escalation by making access public, or restrict previously authorized access by narrowing the policy.



This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.


  • https:​/​/​cloud.​google.​com/​appengine/​docs/​admin-​api/​access-​control#​roles
  • https:​/​/​cloud.​google.​com/​appengine/​docs/​admin-​api/​reference/​rest/​v1/​apps.​services
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog