low

Exfiltrate data via the logs of GCP Org policy

Published Wed, Sep 22nd, 2021
Platforms

Summary

Upon blocking a request, GCP Org policy constraints were logging the deny logs in Principal''s project and the blocking project. An attacker could use those logs to exfiltrate any data, by making request from a Principal they own from a defender project.

Affected Services

N/A

Remediation

Review denied logs in the defender project, because it was also logged there.

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Mon, Oct 12th, 2020
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Discovered by
Jonathan Rault, TrustOnCloud