catalog logoThe IAM Privilege Catalog

services / Google Cloud / Google Cloud SQL

The Cloud SQL database is the set of software and files that operates the MySQL, PostgreSQL, or SQL Server database service.

Cloud SQL is used to store and serve sensitive and application-critical data. Breach of a cloud SQL database can lead to exfiltration of highly sensitive data, or interruption of mission-critical applications.

cloudsql.​databases.​delete

With this privilege, users can delete databases within a Cloud SQL instance.

Risks

  1. Data destruction (CRITICAL)
  2. Infrastructure destruction (HIGH)
  3. Logs destruction (EVASION)

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Links

  • https:​/​/​cloud.​google.​com/​sql/​docs/​mysql/​iam-​permissions
  • https:​/​/​cloud.​google.​com/​sql/​docs/​mysql/​iam-​overview
  • https:​/​/​cloud.​google.​com/​sql/​docs/​mysql/​roles-​and-​permissions

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog