high

Chronicle cross-customer bucket access

Published Tue, Sep 19th, 2023

Platforms

Summary

Customers can configure Chronicle to ingest data from customer-owned Cloud Storage buckets using an ingestion feed. Chronicle previously used a shared service account for all customers for granting permission to the bucket. Therefore, one customer's Chronicle instance could be configured to ingest data from another customer's Cloud Storage bucket. However, this required knowledge of the bucket URI.

Affected Services

Chronicle

Remediation

null

Tracked CVEs

No tracked CVEs

References

https://cloud.google.com/support/bulletins#gcp-2023-028 https://x.com/DoggoZW/status/1706290389974495650

Contributed by https://github.com/ramimac

Entry Status

Finalized

Disclosure Date

Tue, Sep 19th, 2023

Exploitablity Period

until Sept 19, 2023

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

DoggoZW

More vulnerabilities...

low

AWS AppStream Cloudtrail Bypass

Credentials can be extracted from AppStream. When used, they obscure the sourceIP and userName of the initial user. The sourceIP appears as appstream.amazonaws.com.

Saransh Rana, CRED

Mon, Sep 11th, 2023

high

Power Platform Custom Code information disclosure

A vulnerability in Power Platform could lead to unauthorized access to Custom Code functions used for custom connectors, thereby allowing cross-tenant information disclosure of secrets or other sen...

Evan Grant, Tenable

Fri, Aug 4th, 2023

low

Bad.Build

An information disclosure vulnerability in the Google Cloud Build service could have allowed an attacker to view sensitive logs if they had gained prior access to a GCP environment and had permissi...

Roi Nisimi, Orca Security

Tue, Jul 18th, 2023

View all