high

Privilege escalation on Dialogflow cloud platform

Published Sun, Jun 13th, 2021

Platforms

Summary

A privilege escalation vulnerability was discovered in Google's Dialogflow cloud platform. When downgrading a user's role from Developer to Reviewer, the permissions were not properly updated, allowing the user to retain Developer-level access. This issue persisted in the Google Cloud Console, where role changes resulted in additive permissions instead of replacements.

Affected Services

Dialogflow

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://0x01alka.medium.com/google-vrp-privilege-escalation-on-https-dialogflow-cloud-google-com-599af6c4516d

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Tue, Apr 6th, 2021

Exploitablity Period

Until 2021/06/13

Known ITW Exploitation

Detection Methods

Administrators can verify user permissions in the Google Cloud Console IAM section to ensure they match the intended access levels set in Dialogflow.

Piercing Index Rating

Discovered by

lalka

More vulnerabilities...

low

Elastic Beanstalk - XSS in Web Console

An adversary could gain access to IAM credentials in a victim's account, and make an API request to Elastic Beanstalk (even if they didn't have the proper IAM permissions). This request would be di...

Nick Frichette

Thu, Jun 3rd, 2021

critical

OMIGOD

Azure forces the install of an agent on Linux VMs, which contained a vulnerability that would grant root RCE if an attacker could send a web request to them. Initially, Microsoft did not update the...

Nir Ohfeld, Wiz

Tue, Jun 1st, 2021

high

Password Reset Code Brute-Force Vulnerability in AWS Cognito

A vulnerability in AWS Cognito's password reset function allowed attackers to brute-force the six-digit reset code, potentially leading to account takeovers. Using concurrent HTTP requests, an atta...

Tobias Ospelt, Pentagrid AG

Fri, Apr 30th, 2021

View all