medium

GCP Cloudshell Vulnerabilities

Published Mon, Dec 16th, 2019

Platforms

Summary

Wouter ter Maat discovered 9 vulnerabilities in GCP Cloudshell that could allow an attacker to access resources in another customer's environment.

Affected Services

Cloudshell

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-bug-1/https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-bug-2/https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-bug-3/https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-bug-4/https://www.youtube.com/watch?v=J2icGMocQds https://security.googleblog.com/2020/03/announcing-our-first-gcp-vrp-prize.html

Contributed by https://github.com/korniko98

Entry Status

Finalized

Disclosure Date

Mon, Dec 16th, 2019

Exploitability Period

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Wouter ter Maat, Offensi

More vulnerabilities...

medium

GCP Cloudshell XSS and CSRF bugs

GCP Cloudshell has been affected by various XSS and CSRF vulnerabilities stemming from different root causes related to authentication handling, markdown editing, file uploading and more. Explotiat...

ObmiDec 15, 2019

medium

Google Cloud Platform VRP Prize Writeup

A vulnerability was discovered in Google Cloud Platform's AI Hub service, allowing unrestricted file uploads. This could potentially lead to bypassing Same-Origin Policy by uploading SWF files, ena...

Missoum SaidNov 29, 2019

medium

ALB HTTP request smuggling

ALBs found vulnerable to HTTP request smuggling (desync attack).

James Kettle (Portswigger),...Oct 4, 2019

View all