services / Google Cloud / Compute Engine images

Manage disk images.

Multiple organizational functions may often reside within Compute Engine. Risks generally require exploiting multiple privileges.


compute.​images.​deleteTagBinding

An attacker can exploit tag-based IAM policies to gain access to image data.

Risks

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​cloud.​google.​com/​compute/​docs/​images
  • https:​/​/​cloud.​google.​com/​sdk/​gcloud/​reference/​compute/​images
  • https:​/​/​cloud.​google.​com/​compute/​docs/​reference/​rest/​v1/​images
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog