high

Persistence Vulnerability in GCP Cloud Workstations

Published Sat, Jul 16th, 2022

Platforms

gcp

Summary

A critical security flaw in Google Cloud Platform's Cloud Workstations allows unauthorized access and privilege escalation. The vulnerability stems from persistent session management, enabling users to access and exploit credentials of higher-privileged users. This can lead to impersonation, creation of new service accounts with elevated permissions, and bypassing of access controls.

Affected Services

Cloud Workstations

Remediation

Avoid using shared workstations for sensitive operations. Implement strict session management and credential isolation. Regularly rotate access tokens and monitor for unauthorized access attempts.

Tracked CVEs

No tracked CVEs

References

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

-

Exploitability Period

-

Known ITW Exploitation

-

Detection Methods

Monitor for unexpected creation of service accounts or changes in IAM permissions. Implement logging and auditing of all actions in Cloud Workstations. Use GCP's Cloud Audit Logs to track API calls and identify anomalies.
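One way to apply this monitoring to exported Cloud Audit Logs entries, as an added example that is not part of the original entry: it flags service account creation and IAM policy changes whose caller address falls inside the workstation range. The CIDR, the example.com principals and the sample log lines are constructed assumptions.

```python
import ipaddress
import json
from collections import defaultdict

# Assumption: egress range of the shared workstation cluster (constructed value).
WORKSTATION_NET = ipaddress.ip_network("10.20.0.0/24")
# Lower-cased methodName suffixes for service account creation and IAM policy changes.
IAM_METHODS = ("createserviceaccount", "createserviceaccountkey", "setiampolicy")

# Constructed sample entries in Cloud Audit Logs JSON shape, one per line.
SAMPLE_LOG = """\
{"timestamp":"2024-01-01T10:00:00Z","protoPayload":{"methodName":"v1.compute.instances.list","authenticationInfo":{"principalEmail":"dev@example.com"},"requestMetadata":{"callerIp":"10.20.0.7"}}}
{"timestamp":"2024-01-01T10:05:00Z","protoPayload":{"methodName":"google.iam.admin.v1.CreateServiceAccount","authenticationInfo":{"principalEmail":"admin@example.com"},"requestMetadata":{"callerIp":"10.20.0.7"}}}
{"timestamp":"2024-01-01T10:06:00Z","protoPayload":{"methodName":"SetIamPolicy","authenticationInfo":{"principalEmail":"admin@example.com"},"requestMetadata":{"callerIp":"203.0.113.5"}}}
{"timestamp":"2024-01-01T10:07:00Z","protoPayload":{"methodName":"google.iam.admin.v1.CreateServiceAccountKey","authenticationInfo":{"principalEmail":"ops@example.com"},"requestMetadata":{"callerIp":"private"}}}
{"timestamp":"2024-01-01T10:08:00Z","protoPayload":{"methodName":"SetIamPolicy","authenticationInfo":{"principalEmail":"ci@example.com"},"requestMetadata":{"callerIp":"10.20.0.9"}}}
"""

def fields(entry):
    """Return (methodName, principalEmail, callerIp) from one audit log entry."""
    p = entry.get("protoPayload", {})
    return (p.get("methodName", ""),
            p.get("authenticationInfo", {}).get("principalEmail", ""),
            p.get("requestMetadata", {}).get("callerIp", ""))

def in_workstation_net(ip):
    """callerIp is not always a literal address; treat unparsable values as outside."""
    try:
        return ipaddress.ip_address(ip) in WORKSTATION_NET
    except ValueError:
        return False

def find_suspicious(log_text):
    """Flag IAM-mutating calls from the workstation range; shared_ip marks addresses used by several identities."""
    entries = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    principals_by_ip = defaultdict(set)
    for entry in entries:
        _, who, ip = fields(entry)
        principals_by_ip[ip].add(who)
    findings = []
    for entry in entries:
        method, who, ip = fields(entry)
        if method.lower().endswith(IAM_METHODS) and in_workstation_net(ip):
            findings.append({"time": entry.get("timestamp"), "principal": who, "method": method,
                             "ip": ip, "shared_ip": len(principals_by_ip[ip]) > 1})
    return findings

if __name__ == "__main__":
    print(*find_suspicious(SAMPLE_LOG), sep="\n")
```

A finding with shared_ip set to true is the case to review first, since it means the same workstation address carried calls from more than one identity.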

Piercing Index Rating

-

Discovered by

Saransh Rana, CRED