services / Google Cloud / Identity Aware Proxy web resource type.

Refers to every IAP secured web app in your project.

IAP is used to control access to cloud services. Changes to IAP related settings could remove access from mission-critical applications or grant an attacker access to sensitive resources.


iap.​web.​getSettings

Allows an attacker to read IAP related settings for this resource.

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Links

  • https:​/​/​cloud.​google.​com/​iap/​docs/​customizing
  • https:​/​/​cloud.​google.​com/​iap/​docs/​reference/​rest
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog