Summary
Multiple vulnerabilities were discovered in Google's Cloud Architecture Diagramming Tool, including XSS, unauthorized access to user data, and misconfigured storage buckets. The issues allowed accessing sensitive customer information and potentially executing arbitrary code. Google ultimately decommissioned the service due to the severity of the flaws.
Affected Services
Google Cloud Architecture Diagramming Tool
Remediation
None required. Google has decommissioned the affected service.
Tracked CVEs
CVE-2023-26140
References
https://jdomeracki.github.io/2024/11/09/sketchy_cheat_sheet/https://speakerdeck.com/jdomeracki/sketchy_cheat_sheet
Contributed by https://github.com/korniko98
Entry Status
Stub (AI-Generated)
Disclosure Date
Wed, Nov 22nd, 2023
Exploitablity Period
Until 2024/10/01
Known ITW Exploitation
-
Detection Methods
Monitor for unauthorized access to Google Cloud resources and suspicious OAuth token grants to third-party applications.
Piercing Index Rating
-
Discovered by
Jakub Domeracki, Egnyte
