Azue Health privilege escalation via SSRF

Kat Traxler

GCP administrators face challenges in managing HMAC keys within their organizations, 
lacking visibility into which user accounts have generated these keys and whether they are 
actively being used to access storage objects. Additionally, there's a lack of functionality 
to revoke keys associated with other users, restricting their ability to enforce security 
policies effectively. Similarly, GCP incident response teams rely on Cloud Logging to monitor
Cloud Storage object access, but they lack specific indicators to determine if HMAC keys are
being utilized in these access attempts.


GCP HMAC Keys are not discoverable or revokable other than for self

Cloud Audit Logs do not capture actions mediated through the cloud console private API 
service (cloudconsole-pa). Consequently, there is no logging of HMAC key creation or deletion 
linked to user accounts. This absence of logs hampers defenders' ability to alert or monitor 
the creation of HMAC keys for user accounts, posing a persistence risk, or their deletion, 
presenting a denial of service risk.


Copilot Studio information disclosure via SSRF

Summary

Affected Services

Tracked CVEs

References

More vulnerabilities...

Azue Health privilege escalation via SSRF

Tenable

GCP HMAC Keys are not discoverable or revokable other than for self

Kat Traxler, Vectra AI

GCP HMAC Keys do not log creation, deletion or usage

Kat Traxler, Vectra AI