high

Sketchy Cheat Sheet

Published Sat, Nov 9th, 2024

Platforms

Summary

Multiple vulnerabilities were discovered in Google's Cloud Architecture Diagramming Tool, including XSS, unauthorized access to user data, and misconfigured storage buckets. The issues allowed accessing sensitive customer information and potentially executing arbitrary code. Google ultimately decommissioned the service due to the severity of the flaws.

Affected Services

Google Cloud Architecture Diagramming Tool

Remediation

None required. Google has decommissioned the affected service.

Tracked CVEs

CVE-2023-26140

References

https://jdomeracki.github.io/2024/11/09/sketchy_cheat_sheet/https://speakerdeck.com/jdomeracki/sketchy_cheat_sheet

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Wed, Nov 22nd, 2023

Exploitability Period

Until 2024/10/01

Known ITW Exploitation

Detection Methods

Monitor for unauthorized access to Google Cloud resources and suspicious OAuth token grants to third-party applications.

Piercing Index Rating

Discovered by

Jakub Domeracki, Egnyte

More vulnerabilities...

high

Issue with data.all Framework Multiple CVEs

Multiple security vulnerabilities were identified in data.all, an open source development framework for building data marketplaces on AWS. The issues affect versions 1.0.0 through 2.6.0 and include...

Amazon Web ServicesNov 8, 2024

high

Repo swatting attack deletes/blocks GitHub and GitLab accounts

A technique called "repo swatting" allows attackers to delete GitHub and block GitLab accounts by exploiting file upload features and abuse reporting mechanisms. Attackers upload malicious files to...

Paul McCarty, SourceCodeRedNov 1, 2024

high

Confused Deputy Vulnerability in Amazon DataZone

A vulnerability in Amazon DataZone allowed potential attackers to assume roles in AWS accounts by exploiting a confused deputy problem. This could have granted unauthorized access to sensitive data...

Carlos Mora, TrustOnCloudNov 1, 2024

View all