catalog logoThe IAM Privilege Catalog

services / Google Cloud / Compute Engine images

Manage disk images.

Multiple organizational functions may often reside within Compute Engine. Risks generally require exploiting multiple privileges.

compute.​images.​create

When combined with a compromised source, a compromised storage bucket, and a known encryption key, can allow an attacker to exfiltrate a disk image.

Risks

  1. Data exfiltration (CRITICAL)

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​cloud.​google.​com/​compute/​docs/​images
  • https:​/​/​cloud.​google.​com/​sdk/​gcloud/​reference/​compute/​images
  • https:​/​/​cloud.​google.​com/​compute/​docs/​reference/​rest/​v1/​images

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog