high

Google Cloud Shell Bugs Expose User Credentials

Published Tue, Aug 18th, 2020

Platforms

Summary

Three vulnerabilities in Google Cloud Shell were discovered, allowing attackers to execute arbitrary code and potentially steal user credentials. The bugs affected Ruby gemspec parsing, TypeScript plugin loading, and Go binary path manipulation in Cloud Run. These issues arose from mismatches between Cloud Shell's threat model and the assumptions of its underlying open-source components.

Affected Services

Cloud Shell, Cloud Run

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://blog.daviddworken.com/posts/cloud-shell-bugs-explained/

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Exploitablity Period

Known ITW Exploitation

Detection Methods

Monitor for suspicious activity in Cloud Shell instances, especially unexpected code execution or credential access. Review logs for unusual repository cloning or file access patterns.

Piercing Index Rating

Discovered by

David Dworken

More vulnerabilities...

low

S3 Crypto SDK vulnerabilities

Sophie Schmieg, Google

Mon, Aug 10th, 2020

low

CloudTrail S3 data events leak bucket Account ID

Using CloudTrail S3 data events, it was possible to determine the AWS account ID of any existing S3 bucket by calling any S3 API, getting denied, and looking at the value in the resource key in err...

Jonathan Rault, TrustOnCloud

Mon, Jul 27th, 2020

low

XSS on EC2 web console

Display of EC2 tags had XSS

Johann Rehberger

Wed, Jul 1st, 2020

View all