services / Google Cloud / Firebase security rules publishing

Manage security rules releases, which define which security rules are live and used by security rules-enabled services.


firebaserules.​releases.​delete

If an attacker deletes a project's firestore security rules, it will reset the rules to a default which denies all requests, therefore making the app unusable.

Risks

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​firebase.​google.​com/​docs/​rules
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog