medium

GCP IAP bypass

Published Fri, Sep 17th, 2021
Platforms

Summary

Convincing a victim to click a specially crafted link would allow the attacker to bypass the Identity-Aware Proxy (a core component of BeyondCorp).

Affected Services

N/A

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Contributed by https://github.com/0xdabbad00
Disclosure Date
Fri, Sep 17th, 2021
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Unknown

More vulnerabilities...

medium

Azure privilege escalation via Log Analytics role

Azure AD users could escalate their privileges using the Log Analytics Contributor role to reach the full Subscription Contributor role.

...
Karl Fosaaen, NetSPI

medium

Org policies bypass

Allows an attacker with privileges in the account to share resources outside of the account even when an org policy restricts this, thus enabling them to backdoor their access.

...
Kat Traxler

critical

Azurescape

Cross-account container escape

...
Yuval Avrahami, Palo Alto

View all