high

Client-Side SSRF to Google Cloud Project Takeover

Published Thu, Jan 12th, 2023

Platforms

Summary

A vulnerability in Vertex AI Workbench allowed attackers to take over victims' Google Cloud projects through client-side SSRF. The initial bug involved unauthorized access to authentication tokens, which was later fixed. A bypass was later discovered (and also fixed) using open redirects in Feedburner and CSRF token manipulation.

Affected Services

Vertex AI Workbench

Remediation

None required.

Tracked CVEs

No tracked CVEs

References

https://blog.geekycat.in/posts/client-side-ssrf-to-google-cloud-project-takeover/

Contributed by https://github.com/korniko98

Entry Status

Finalized

Disclosure Date

Exploitability Period

Known ITW Exploitation

Detection Methods

None.

Piercing Index Rating

Discovered by

Sivanesh Ashok, Sreeram KL

More vulnerabilities...

medium

IAP CORS Misconfiguration Allows Email Disclosure

A CORS misconfiguration in Google Cloud's Identity-Aware Proxy (IAP) could have allowed attackers to disclose the email address of an authenticated user in websites protected by IAP, by convincing ...

Borna NematzadehJan 6, 2023

medium

ACSESSED

Azure Cognitive Search (ACS) is a full-text search engine service. A new non-default feature allowed for a network control to bypassed, permitting an attacker to submit search queries to any other ...

Emilien Socchi, mnemonicDec 22, 2022

medium

Azure Serverless Functions escape to host

In Azure Serverless Functions, a new container is generated by the host for every function, which is then terminated and deleted after several minutes. Palo Alto discovered that an API call was ava...

Aviv Sasson, Daniel Prizman...Dec 15, 2022

View all