services / Google Cloud / Cloud Build

A Cloud Build build describes where to find source code, how to build it, and where to store the built artifacts.

Code and artifacts are generally stored in other services, such as Cloud Storage.


cloudbuild.builds.approve

This allows the user to either approve or deny an existing build.

Risks

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploitation can incur operational cost.

Links

  • https://cloud.google.com/build/docs/iam-roles-permissions
  • https://cloud.google.com/build/docs/overview#how_builds_work
  • https://cloud.google.com/build/docs/cloud-build-service-account#default_permissions_of_service_account
  • https://cloud.google.com/build/docs/api/reference/rest/v1/projects.builds#Build
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog