services / Google Cloud / BackendConfig custom resource definition for Google Kubernetes Engine

BackendConfig objects are reusable configurations for Kubernetes Service objects. BackendConfigs set the destination Service for incoming requests, thus they pertain to external-to-internal communications. Other ingress parameters of a BackendConfig include service response timeout, Cloud CDN, HTTP access logging, Session Affinity.

Backend Config is a piece of reusable configuration for an Ingress object. A BackendConfig does not take effect unless it is associated with an Ingress object.

container.​backendConfigs.​update

For BackendConfigs that are associated with Service, an update may remove a Cloud Armor Security Policy or route requests to a non-existent or malicious service.

Risks

1. Network destruction (HIGH)
2. Defense destruction (EVASION)

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.