
A Cloud SQL instance is a VM managed by Google that runs the SQL database instance (as well as any accompanying containers).

Cloud SQL is used to store and serve sensitive and application-critical data. A breach of a Cloud SQL database can lead to exfiltration of highly sensitive data or interruption of mission-critical applications.


cloudsql.instances.connect

This command temporarily changes the authorized networks for this instance to allow connections from your IP address. Note that authentication to the database is still separate, so this does not provide access to data.

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.

Links

  • https://cloud.google.com/sql/docs/mysql/iam-permissions
  • https://cloud.google.com/sql/docs/mysql/iam-overview
  • https://cloud.google.com/sql/docs/mysql/roles-and-permissions
  • https://cloud.google.com/sdk/gcloud/reference/sql/connect
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog