high

Google Cloud Shell Bugs Expose User Credentials

Published Tue, Aug 18th, 2020

Platforms

Summary

Three vulnerabilities in Google Cloud Shell were discovered, allowing attackers to execute arbitrary code and potentially steal user credentials. The bugs affected Ruby gemspec parsing, TypeScript plugin loading, and Go binary path manipulation in Cloud Run. These issues arose from mismatches between Cloud Shell's threat model and the assumptions of its underlying open-source components.

Affected Services

Cloud Shell, Cloud Run

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://blog.daviddworken.com/posts/cloud-shell-bugs-explained/

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Exploitability Period

Known ITW Exploitation

Detection Methods

Monitor for suspicious activity in Cloud Shell instances, especially unexpected code execution or credential access. Review logs for unusual repository cloning or file access patterns.

Piercing Index Rating

Discovered by

David Dworken

More vulnerabilities...

critical

Dropping a Shell in Google Cloud SQL

Researchers discovered vulnerabilities in Google Cloud SQL that allowed gaining unauthorized shell access to MySQL instances. By chaining SQL injection, parameter injection in mysqldump, and networ...

Ezequiel Pereira and Wouter...Aug 18, 2020

low

S3 Crypto SDK vulnerabilities

Sophie Schmieg, GoogleAug 10, 2020

low

CloudTrail S3 data events leak bucket Account ID

Using CloudTrail S3 data events, it was possible to determine the AWS account ID of any existing S3 bucket by calling any S3 API, getting denied, and looking at the value in the resource key in err...

Jonathan Rault, TrustOnCloudJul 27, 2020

View all