catalog logoThe IAM Privilege Catalog

services / Google Cloud / Cloud DNS Managed Zone

A DNS zone hosted and managed by the Cloud DNS service.

Cloud DNS supports a variety of different public and private zones, including forwarding zones and peering zones.

dns.​managedZones.​delete

Deleting the managed zone without deleting the records inside it leave those domains open for takeover.

Risks

  1. Domain takeover (CRITICAL)
  2. Denial-of-service (HIGH)
  3. Network destruction (HIGH)

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploit can incur operational cost.

Links

  • https:​/​/​cloud.​google.​com/​dns/​docs/​access-​control
  • https:​/​/​cloud.​google.​com/​dns/​docs/​reference/​v1/​managedZones#​resource
  • https:​/​/​xebia.​com/​blog/​how-​to-​take-​over-​a-​subdomain-​in-​google-​cloud-​dns/​

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog