0x22bb/hacktricks
1
2
Fork 0
mirror of https://github.com/carlospolop/hacktricks.git synced 2023-12-14 19:12:55 +01:00
Code Releases Activity

GitBook: [#2976] No subject

Browse source
This commit is contained in:
CPol 2022-01-31 10:22:25 +00:00 committed by gitbook-bot
parent f7720fe8bb
commit 19dabfb033
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
cloud-security/gcp-security/gcp-interesting-permissions/gcp-privesc-to-other-principals.md
View file

@ -153,3 +153,8 @@ For a more in-depth explanation visit [https://rhinosecuritylabs.com/gcp/iam-pri
### cloudbuild.builds.update
**Potentially** with this permission you will be able to **update a cloud build and just steal the service account token** like it was performed with the previous permission (but unfortunately at the time of this writing I couldn't find any way to call that API).
## References
* [https://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/](https://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/)
* [https://rhinosecuritylabs.com/cloud-security/privilege-escalation-google-cloud-platform-part-2/](https://rhinosecuritylabs.com/cloud-security/privilege-escalation-google-cloud-platform-part-2/#gcp-privesc-scanner)