services / Google Cloud / Compute Engine images
Manage disk images.
Multiple organizational functions may often reside within Compute Engine. Risks generally require exploiting multiple privileges.
compute.images.deleteTagBinding
An attacker can exploit tag-based IAM policies to gain access to image data.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog