medium

Org policies bypass

Published Fri, Sep 10th, 2021

Platforms

Summary

Allows an attacker with privileges in the account to share resources outside of the account even when an org policy restricts this, thus enabling them to backdoor their access.

Affected Services

N/A

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://kattraxler.github.io/gcp/hacking/2021/09/10/gcp-org-policy-bypass-ai-notebooks.html

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Sat, May 15th, 2021

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Kat Traxler

More vulnerabilities...

medium

Org policies bypass

Allows an attacker with privileges in the account to share resources outside of the account even when an org policy restricts this, thus enabling them to backdoor their access.

Kat Traxler

Fri, Sep 10th, 2021

medium

Org policies bypass

Allows an attacker with privileges in the account to share resources outside of the account even when an org policy restricts this, thus enabling them to backdoor their access.

Kat Traxler

Fri, Sep 10th, 2021

medium

Org policies bypass

Allows an attacker with privileges in the account to share resources outside of the account even when an org policy restricts this, thus enabling them to backdoor their access.

Kat Traxler

Fri, Sep 10th, 2021

View all