services / Google Cloud / Cloud Build Worker Pools

A Cloud Build worker pool is a dedicated pool of workers that offers customization over the build environment, including the ability to access resources in a private network.


cloudbuild.workerpools.use

Using this permission also requires builds.create. It allows a user to run a build on the worker pool. If the worker pool has access to a VPC network, this provides an opportunity for network escalation.

Risks

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploitation can incur operational cost.

Links

  • https://cloud.google.com/build/docs/iam-roles-permissions
  • https://cloud.google.com/build/docs/private-pools/private-pools-overview
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog