services / Google Cloud / Compute Engine disks

Read and edit Compute Engine disks and disk assignments.

Multiple organizational functions may often reside within Compute Engine.


Can allow data access if the attacker can attach the disk to an additionally compromised instance.



This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.


  • https:​/​/​cloud.​google.​com/​compute/​docs/​disks/​persistent-​disks
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog