catalog logoThe IAM Privilege Catalog

services / Google Cloud / Google App Engine version

A version is a specific set of source code and configuration files that are deployed to a service.

Resources for a version, including source code, must first be uploaded to a Cloud Storage bucket.

appengine.​versions.​create

Creating a version will deploy the provided source code to App Engine. This does not route any external traffic to the new version, but allows for resource hijacking.

Risks

  1. Resource hijacking (MEDIUM)
  2. Spend (MEDIUM)

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Links

  • https:​/​/​cloud.​google.​com/​appengine/​docs/​admin-​api/​access-​control#​roles
  • https:​/​/​cloud.​google.​com/​appengine/​docs/​admin-​api/​reference/​rest/​v1/​apps.​services.​versions

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog