catalog logoThe IAM Privilege Catalog

services / Google Cloud / Pub/Sub subscription

A Pub/Sub subscription receives messages published to a Pub/Sub topic.

Subscriptions can allow an attacker to read Pub/Sub messages, which may contain sensitive information.

pubsub.​subscriptions.​getIamPolicy

Risks

  1. Account discovery (LOW)
  2. Policy discovery (LOW)

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​cloud.​google.​com/​pubsub/​docs/​subscriber
  • https:​/​/​cloud.​google.​com/​pubsub/​docs/​access-​control

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog