high

Google wide domain check bypass

Published Sun, Mar 8th, 2020

Platforms

gcp

Summary

A vulnerability in Google's common JavaScript library allowed bypassing domain validation checks across multiple Google products. By using a backslash character in URLs, an attacker could make the regex parser and browser disagree on the authority (domain) portion of a URL, allowing injection of arbitrary domains that pass whitelisting checks.

Affected Services

Cloud Console, GMail API, Actions Console, YouTube Studio, Google Accounts

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://feed.bugs.xdavidhu.me/bugs/0008https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass/

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Sat, Jan 4th, 2020

Exploitability Period

Until 2020/03/06

Known ITW Exploitation

-

Detection Methods

Monitor for unexpected URL parsing behaviors, especially URLs containing backslash characters between the authority and path components.

Piercing Index Rating

-

Discovered by

David Schütz

More vulnerabilities...

critical

Azure App Service RCE

azure

A Vulnerability in App Service could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system, thereby escaping the sandbox. This vulnerability allowed ...

Ronen Shustin, Check Point

AWS uploaded sensitive data to public GitHub bucket

aws

An AWS employee pushed sensitive data to a public github bucket, including customer information and credentials. Note: This issue is outside the scope of this database's usual criteria for inclusio...

Upguard
medium

GCP Speech to Text Information Disclosure

gcp

GCP's Speech-to-Text "operations/list" and "operations/get" APIs would return data that did not belong to the caller when no parameters were provided. It is unclear whether this was cross-custome...

Dan Maas
View all