medium

SSRF in Google Cloud Monitoring

Published Thu, Nov 12th, 2020

Platforms

Summary

An SSRF bug in Google Cloud Monitoring's uptime check feature could have been used to leak the authentication token of the service account used for these checks. The issue was resolved but later bypassed by Omar Espino (@omespino), requiring another fix.

Affected Services

Google Cloud Monitoring

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://nechudav.blogspot.com/2020/11/31k-ssrf-in-google-cloud-monitoring.html https://omespino.com/write-up-google-vrp-n-a-ssrf-bypass-with-quadzero-in-google-cloud-monitoring/

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Mon, Jun 1st, 2020

Exploitablity Period

-

Known ITW Exploitation

-

Detection Methods

-

Piercing Index Rating

-

Discovered by

David Nechuta

More vulnerabilities...

medium

SSRF in Google Cloud Monitoring

An SSRF bug in Google Cloud Monitoring's uptime check feature could have been used to leak the authentication token of the service account used for these checks. The issue was resolved but later by...

David Nechuta

Thu, Nov 12th, 2020

medium

SSRF in Google Cloud Monitoring

An SSRF bug in Google Cloud Monitoring's uptime check feature could have been used to leak the authentication token of the service account used for these checks. The issue was resolved but later by...

David Nechuta

Thu, Nov 12th, 2020

medium

SSRF in Google Cloud Monitoring

An SSRF bug in Google Cloud Monitoring's uptime check feature could have been used to leak the authentication token of the service account used for these checks. The issue was resolved but later by...

David Nechuta

Thu, Nov 12th, 2020