Summary
A vulnerability was discovered in Google Cloud Platform's AI Hub service, allowing unrestricted file uploads. This could potentially lead to bypassing Same-Origin Policy by uploading SWF files, enabling CSRF attacks across browsers, and exploiting CVE-2014-8453 on IE with Adobe Reader installed. The issue resulted in a $1337 bounty reward.
Affected Services
AI Hub
Remediation
None required
Tracked CVEs
CVE-2014-8453
References
Contributed by https://github.com/korniko98
Entry Status
Stub (AI-Generated)
Disclosure Date
-
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
Monitor for unusual file uploads or unexpected file types being served from the AI Hub service. Implement strict file type restrictions and content disposition headers for uploaded files.
Piercing Index Rating
-
Discovered by
Missoum Said
