services / Google Cloud / Google Cloud SQL

A Cloud SQL instance is a VM managed by Google that runs the SQL database instance (as well as any accompanying containers).

Cloud SQL is used to store and serve sensitive and application-critical data. Breach of a Cloud SQL database can lead to exfiltration of highly sensitive data or interruption of mission-critical applications.


cloudsql.instances.stopReplica

Stops replication from the primary instance on a read replica. Because read requests are made directly to the replica, any subsequent requests to that read replica will return outdated data.

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.

Links

  • https://cloud.google.com/sql/docs/mysql/iam-permissions
  • https://cloud.google.com/sql/docs/mysql/iam-overview
  • https://cloud.google.com/sql/docs/mysql/roles-and-permissions
  • https://cloud.google.com/sql/docs/postgres/replication/manage-replicas
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog