high

RCE in Google Cloud Deployment Manager

Published Thu, May 21st, 2020

Platforms

gcp

Summary

An RCE in Google Cloud Deployment Manager could have allowed an attacker to make requests to internal Google services, authenticated as a privileged service account.

Affected Services

Cloud Deployment Manager

Tracked CVEs

No tracked CVEs

References

https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Thu, May 7th, 2020

Exploitability Period

until 2020/05/20

Known ITW Exploitation

-

Detection Methods

None

Piercing Index Rating

-

Discovered by

Ezequiel Pereira

More vulnerabilities...

low

GuardDuty detection bypass via cloudtrail

aws

GuardDuty detected CloudTrail being outright disabled, but did not detect if an attacker with the necessary permissions filtered out all events from CloudTrail via PutEventSelectors, resulting in d...

Spencer Gietzen, Rhino Secu...
low

GCP Cloudshell Cross-Site WebSocket Hijacking (CSWSH)

gcp

Google Cloudshell leveraged websockets without validating that the origin matched the current instance host. An attacker could therefore host a CSWSH attack on a Cloudshell instance they own, disab...

Psi
high

Google wide domain check bypass

gcp

A vulnerability in Google's common JavaScript library allowed bypassing domain validation checks across multiple Google products. By using a backslash character in URLs, an attacker could make the ...

David Schütz
View all