services / Google Cloud / Compute Engine managed instances

Create and alter managed instances.

Allows access to general core VM infrastructure, which can support a broad array of organizational functions. Note that the terms "instance" and "VM" are used interchangeably in the Compute Engine documentation, although they may carry different meanings within these privilege descriptions.


compute.instances.osLogin

Specific risks depend on the instance configuration, but can include most of the risks of `osAdminLogin`, limited by the privileges granted to the user within the instance OS and file systems. If the instance has an attached service account, this privilege additionally requires permission to act as that service account. Assuming root-level permissions are not available to users who log in via this privilege, alteration of services, logs, and networks, as well as metadata exfiltration, may be prevented. Compute resources may still be consumed, assuming relatively liberal per-user limits on the instance. Backend services that serve or store data in locations accessible to the user may be altered, or their data collected.

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
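To see who actually holds this privilege in a project, and whether they also satisfy the act-as-service-account prerequisite described above, the following audit script is an added example (not part of the IAM Privilege Catalog or any P0 Security tooling). It runs offline on a constructed policy document in the shape returned by `gcloud projects get-iam-policy PROJECT --format=json`; the custom role name, permission sets and member identities are invented sample data.

```python
"""Audit a project-level IAM policy for principals who can use OS Login."""
import json
from typing import Dict, Set

# Predefined roles that carry compute.instances.osLogin (osAdminLogin is the stronger one).
# Basic roles (owner/editor) are out of scope here and need their own review.
OS_LOGIN_ROLES = {"roles/compute.osLogin", "roles/compute.osAdminLogin"}
# Predefined role that carries iam.serviceAccounts.actAs at the project level.
ACT_AS_ROLES = {"roles/iam.serviceAccountUser"}
LOGIN_PERMS = {"compute.instances.osLogin", "compute.instances.osAdminLogin"}


def audit_os_login(policy: dict, custom_role_perms: Dict[str, Set[str]]) -> Dict[str, dict]:
    """Return {member: {"roles": [...], "can_act_as_sa": bool, "conditional": bool}}
    for every member whose bindings grant OS Login.

    custom_role_perms maps custom role names to their permission sets, as obtained
    from `gcloud iam roles describe`. Note: actAs granted on a service account
    resource itself (rather than on the project) is not visible in this policy.
    """
    holders: Dict[str, Set[str]] = {}
    conditional: Set[str] = set()
    act_as: Set[str] = set()
    for binding in policy.get("bindings", []):
        role = binding["role"]
        perms = custom_role_perms.get(role, set())
        grants_login = role in OS_LOGIN_ROLES or bool(perms & LOGIN_PERMS)
        grants_act_as = role in ACT_AS_ROLES or "iam.serviceAccounts.actAs" in perms
        for member in binding.get("members", []):
            if grants_login:
                holders.setdefault(member, set()).add(role)
                if "condition" in binding:  # IAM condition may narrow when it applies
                    conditional.add(member)
            if grants_act_as:
                act_as.add(member)
    return {
        m: {"roles": sorted(r), "can_act_as_sa": m in act_as, "conditional": m in conditional}
        for m, r in holders.items()
    }


# Constructed sample policy (not real project data).
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/compute.osLogin", "members": ["group:devs@example.com", "user:alice@example.com"]},
    {"role": "roles/compute.osAdminLogin", "members": ["user:bob@example.com"]},
    {"role": "roles/iam.serviceAccountUser", "members": ["user:alice@example.com"]},
    {"role": "projects/example-proj/roles/vmOperator", "members": ["serviceAccount:ci@example-proj.iam.gserviceaccount.com"]},
    {"role": "roles/viewer", "members": ["user:carol@example.com"]},
]}
SAMPLE_CUSTOM_ROLES = {"projects/example-proj/roles/vmOperator": {"compute.instances.get", "compute.instances.osLogin", "iam.serviceAccounts.actAs"}}

if __name__ == "__main__":
    print(json.dumps(audit_os_login(SAMPLE_POLICY, SAMPLE_CUSTOM_ROLES), indent=2))
```

Members flagged with `can_act_as_sa` true are the ones who can reach instances that have an attached service account; the others can only log in to instances without one.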

Links

  • https://cloud.google.com/compute/docs/instances
  • https://cloud.google.com/sdk/gcloud/reference/compute/instances
  • https://cloud.google.com/compute/docs/reference/rest/v1/instances
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog