medium

Google Cloud Platform VRP Prize Writeup

Published Fri, Nov 29th, 2019

Platforms

Summary

A vulnerability was discovered in Google Cloud Platform's AI Hub service, allowing unrestricted file uploads. This could potentially lead to bypassing Same-Origin Policy by uploading SWF files, enabling CSRF attacks across browsers, and exploiting CVE-2014-8453 on IE with Adobe Reader installed. The issue resulted in a $1337 bounty reward.

Affected Services

AI Hub

Remediation

None required

Tracked CVEs

CVE-2014-8453

References

https://medium.com/@missoum1307/writeup-for-the-2019-google-cloud-platform-vrp-prize-4e104ef9f204

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Exploitability Period

Known ITW Exploitation

Detection Methods

Monitor for unusual file uploads or unexpected file types being served from the AI Hub service. Implement strict file type restrictions and content disposition headers for uploaded files.

Piercing Index Rating

Discovered by

Missoum Said

More vulnerabilities...

medium

ALB HTTP request smuggling

ALBs found vulnerable to HTTP request smuggling (desync attack).

James Kettle (Portswigger),...Oct 4, 2019

high

Google App Engine RCE Worth $36k

Researcher discovered access to non-production Google App Engine environments and internal APIs. This allowed configuring internal settings like Service Account IDs and quotas. Google considered it...

Ezequiel PereiraAug 31, 2019

high

Lake Formation data lake admin override

Shortly after Lake Formation was made generally available, a bug was discovered that gave anyone the ability to view and override data lake admins for any account (an attacker would have only neede...

Ian MckayAug 15, 2019

View all