Summary
Wouter ter Maat discovered 9 vulnerabilities in GCP Cloudshell that could
allow an attacker to access resources in another customer's environment.
Affected Services
Cloudshell
Remediation
None required
Tracked CVEs
No tracked CVEs
References
https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-bug-1/https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-bug-2/https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-bug-3/https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-bug-4/https://www.youtube.com/watch?v=J2icGMocQdshttps://security.googleblog.com/2020/03/announcing-our-first-gcp-vrp-prize.html
Contributed by https://github.com/korniko98
Entry Status
Finalized
Disclosure Date
Mon, Dec 16th, 2019
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Wouter ter Maat, Offensi
