catalog logoThe IAM Privilege Catalog

services / Google Cloud / Compute Engine health checks

Create and manage health checks used by Cloud load balancers.

Exploitation relies on multiple additional exercisable risks, including poorly secured backend endpoints, the ability to route to this infrastructure, and provisioned forwarding rules to the subject backends.

compute.​healthChecks.​update

May make backend infrastructure unroutable for intended uses.

Risks

  1. Denial-of-service (HIGH)
  2. Infrastructure destruction (HIGH)
  3. Network destruction (HIGH)

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​cloud.​google.​com/​load-​balancing/​docs/​health-​checks
  • https:​/​/​cloud.​google.​com/​sdk/​gcloud/​reference/​compute/​health-​checks
  • https:​/​/​cloud.​google.​com/​compute/​docs/​reference/​rest/​v1/​healthChecks

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog