critical

Critical Authentication Bypass in Google Cloud API Gateway

Published Wed, Jun 21st, 2023
Platforms

Summary

A critical authentication bypass vulnerability was discovered in Google Cloud API Gateway, affecting its JWT authentication method. The flaw, stemming from a business logic bug in the ESPv2 service proxy, allowed attackers to bypass authentication controls by manipulating HTTP methods. This vulnerability impacted various authentication methods including Firebase, Auth0, Okta, and Google ID tokens.

Affected Services

API Gateway, Cloud Run, App Engine, Cloud Functions

Remediation

Upgrade to ESPv2 proxy release v2.43.0 or higher. This release ensures that JWT authentication occurs even when the caller specifies x-http-method-override.

Tracked CVEs

CVE-2023-30845

References

Entry Status
Stub (AI-Generated)
Disclosure Date
Wed, Feb 1st, 2023
Exploitability Period
Until 2023/03/01
Known ITW Exploitation
-
Detection Methods
Monitor for unexpected PUT requests with x-http-method-override header set to POST. Review logs for successful access to restricted endpoints without proper authentication.
Piercing Index Rating
-
Discovered by
Panagiotis Vasilikos
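
The Detection Methods guidance above, as an added example that is not part of the original entry or of any Google tooling: it scans access-log records for requests whose x-http-method-override header names a different method than the one actually sent, generalizing the PUT/POST case the entry names, and ranks a successful response with no authenticated caller highest. The log schema (method, path, status, principal, headers) and the severity labels are assumptions, and the sample lines are constructed.

```python
import json

# Constructed sample access log, one JSON record per line. The field names are
# assumptions for this example, not the ESPv2 or Cloud Logging schema.
SAMPLE_LOG = """\
{"method": "PUT", "path": "/v1/orders", "status": 200, "principal": null, "headers": {"X-HTTP-Method-Override": "POST"}}
{"method": "POST", "path": "/v1/orders", "status": 200, "principal": "user-17", "headers": {}}
{"method": "PUT", "path": "/v1/orders/9", "status": 401, "principal": null, "headers": {"x-http-method-override": "POST"}}
{"method": "GET", "path": "/v1/items", "status": 200, "principal": "user-4", "headers": {"x-http-method-override": "get"}}
{"method": "POST", "path": "/v1/items", "status": 204, "principal": "user-4", "headers": {"x-http-method-override": "DELETE"}}
not-json line that a real log pipeline may contain
"""

OVERRIDE_HEADER = "x-http-method-override"


def find_override_anomalies(log_text):
    """Return one finding per request whose override header changes the method."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not JSON records
        if not isinstance(entry, dict):
            continue
        # HTTP header names are case-insensitive, so normalise before lookup.
        headers = {k.lower(): str(v) for k, v in (entry.get("headers") or {}).items()}
        override = headers.get(OVERRIDE_HEADER, "").strip().upper()
        method = str(entry.get("method", "")).upper()
        if not override or override == method:
            continue  # no override, or one that does not change the method
        status = entry.get("status")
        succeeded = isinstance(status, int) and 200 <= status < 300
        if succeeded and not entry.get("principal"):
            severity = "high"    # served without an authenticated caller
        elif (method, override) == ("PUT", "POST"):
            severity = "medium"  # the exact pattern the entry names
        else:
            severity = "low"     # other method mismatch, worth a review
        findings.append({"line": lineno, "path": entry.get("path"),
                         "method": method, "override": override,
                         "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in find_override_anomalies(SAMPLE_LOG):
        print(finding)
```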