low

GCP Stackdriver Debugger SSRF

Published Thu, Dec 19th, 2019

Platforms

Summary

An SSRF bug in GCP's Stackdriver Debugger feature's code import could have been used to leak the authentication token of the user to an attacker-controlled server. Exploitation would require that the user had previously configured a specific code hosting service (such as GitHub), and could be tricked into clicking a malicious link.

Affected Services

GCP Stackdriver Debugger

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver/

Contributed by https://github.com/ramimac

Disclosure Date

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Ron Chan

More vulnerabilities...

medium

GCP Cloudshell Vulnerabilities

Wouter ter Maat discovered 9 vulnerabilities in GCP Cloudshell that could allow an attacker to access resources in another customer's environment.

Wouter ter Maat, Offensi

Mon, Dec 16th, 2019

medium

GCP Cloudshell XSS and CSRF bugs

GCP Cloudshell has been affected by various XSS and CSRF vulnerabilities stemming from different root causes related to authentication handling, markdown editing, file uploading and more. Explotiat...

Obmi

Sun, Dec 15th, 2019

medium

ALB HTTP request smuggling

ALBs found vulnerable to HTTP request smuggling (desync attack).

James Kettle (Portswigger),...

Fri, Oct 4th, 2019

View all