medium

Bucket Traversal in Google Cloud Storage Transfer Manager

Published Tue, Jun 13th, 2023

Platforms

Summary

A bucket traversal vulnerability was discovered in the google.cloud.storage.transfer_manager.upload_chunks_concurrently() function of Google Cloud Storage. This issue could potentially allow unauthorized access to files in different buckets or directories within the same project.

Affected Services

Cloud Storage

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://bughunters.google.com/reports/vrp/h1K5SciPh

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Exploitablity Period

Known ITW Exploitation

Detection Methods

Monitor access logs for suspicious file access patterns across different buckets or directories within Google Cloud Storage projects.

Piercing Index Rating

Discovered by

Google Bug Hunters

More vulnerabilities...

medium

Azure App Services takeover via legacy API

Binary Security found two vulnerabilities in the legacy Azure Resource Manager (ARM) REST API. The first vulnerability allowed an attacker with Reader access to an Azure Function, acting from a Win...

Haakon Holm Gulbrandsrud, C...

Mon, Jun 12th, 2023

medium

AWS Directory Service not checking PassRole on EnableRoleAccess

AWS Directory Service didn't check the iam:PassRole permissions when using the EnableRoleAccess action. This could have been used for privilege escalation by an authenticated user with sufficient p...

Ben Bridts, Cloudar

Wed, Jun 7th, 2023

medium

Privilege escalation in GCP Cloud SQL

A vulnerability was discovered in Cloud SQL for SQL Server that allowed customer administrator accounts to create triggers in the tempdb database and use those to gain sysadmin privileges in the i...

Fri, Jun 2nd, 2023

View all