high

Google wide domain check bypass

Published Sun, Mar 8th, 2020

Platforms

Summary

A vulnerability in Google's common JavaScript library allowed bypassing domain validation checks across multiple Google products. By using a backslash character in URLs, an attacker could make the regex parser and browser disagree on the authority (domain) portion of a URL, allowing injection of arbitrary domains that pass whitelisting checks.

Affected Services

Cloud Console, GMail API, Actions Console, YouTube Studio, Google Accounts

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://feed.bugs.xdavidhu.me/bugs/0008 https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass/

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Sat, Jan 4th, 2020

Exploitablity Period

Until 2020/03/06

Known ITW Exploitation

Detection Methods

Monitor for unexpected URL parsing behaviors, especially URLs containing backslash characters between the authority and path components.

Piercing Index Rating

Discovered by

David Schütz

More vulnerabilities...

critical

Azure App Service RCE

A Vulnerability in App Service could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system, thereby escaping the sandbox. This vulnerability allowed ...

Ronen Shustin, Check Point

Thu, Jan 30th, 2020

AWS uploaded sensitive data to public GitHub bucket

An AWS employee pushed sensitive data to a public github bucket, including customer information and credentials. Note: This issue is outside the scope of this database's usual criteria for inclusio...

Upguard

Thu, Jan 23rd, 2020

medium

GCP Speech to Text Information Disclosure

GCP's Speech-to-Text "operations/list" and "operations/get" APIs would return data that did not belong to the caller when no parameters were provided. It is unclear whether this was cross-custome...

Dan Maas

Sun, Jan 12th, 2020

View all