medium

SSRF in Google Cloud Monitoring

Published Thu, Nov 12th, 2020

Platforms

Summary

An SSRF bug in Google Cloud Monitoring's uptime check feature could have been used to leak the authentication token of the service account used for these checks. The issue was resolved but later bypassed by Omar Espino (@omespino), requiring another fix.

Affected Services

Google Cloud Monitoring

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://nechudav.blogspot.com/2020/11/31k-ssrf-in-google-cloud-monitoring.html https://omespino.com/write-up-google-vrp-n-a-ssrf-bypass-with-quadzero-in-google-cloud-monitoring/

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Mon, Jun 1st, 2020

Exploitability Period

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

David Nechuta

More vulnerabilities...

low

Route table modification to imitate metadata service

An attacker with sufficient privileges in AWS to modify the route table and some other EC2 privileges, could pretend to be a metadata server and provide an attacker controlled bootup script to EC2s...

Ryan GerstenkornOct 19, 2020

low

Enumeration of Privileges Without Being Logged to CloudTrail

An attacker who gained access to IAM credentials could enumerate a subset of the privileges they had access to without logging to CloudTrail. This would allow them to perform the typically noisy pe...

Nick FrichetteOct 17, 2020

medium

AI Hub Jupyter Notebook instance CSRF

AI Hub Jupyter Notebook server lacked a check of the Origin header that led to a CSRF vulnerability. An attacker could have read sensitive data and execute arbitrary actions in customer environments.

s1r1usOct 17, 2020

View all