low

Exfiltrate data via the logs of GCP Org policy

Published Wed, Sep 22nd, 2021

Platforms

Summary

Upon blocking a request, GCP Org policy constraints were logging the deny logs in Principal''s project and the blocking project. An attacker could use those logs to exfiltrate any data, by making request from a Principal they own from a defender project.

Affected Services

N/A

Remediation

Review denied logs in the defender project, because it was also logged there.

Tracked CVEs

No tracked CVEs

References

https://trustoncloud.com/exfiltrate-data-from-your-super-secure-google-cloud-project-using-the-security-control-built-to-prevent-it/

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Mon, Oct 12th, 2020

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Jonathan Rault, TrustOnCloud

More vulnerabilities...

low

Predictible seed in Anthos Identity Service LDAP module

A vulnerability was discovered in the Anthos Identity Service (AIS) LDAP module of Anthos clusters on VMware versions 1.8 and 1.8.1 where a seed key used in generating keys is predictable. With thi...

Wed, Sep 22nd, 2021

high

AWS Workspace client RCE

If a user with AWS WorkSpaces 3.0.10-3.1.8 installed visits a page in their web browser with attacker controlled content, the attacker can get zero click RCE under common circumstances.

David Yesland, Rhino Security

Tue, Sep 21st, 2021

medium

GCP IAP bypass

Convincing a victim to click a specially crafted link would allow the attacker to bypass the Identity-Aware Proxy (a core component of BeyondCorp).

Unknown

Fri, Sep 17th, 2021

View all