low

GCP Stackdriver Debugger SSRF

Published Thu, Dec 19th, 2019

Platforms

gcp

Summary

An SSRF bug in GCP's Stackdriver Debugger feature's code import could have been used to leak the authentication token of the user to an attacker-controlled server. Exploitation would require that the user had previously configured a specific code hosting service (such as GitHub), and could be tricked into clicking a malicious link.

Affected Services

GCP Stackdriver Debugger

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver/

Contributed by https://github.com/ramimac

Entry Status

Finalized

Disclosure Date

-

Exploitability Period

-

Known ITW Exploitation

-

Detection Methods

None

Piercing Index Rating

-

Discovered by

Ron Chan

More vulnerabilities...

medium

GCP Cloudshell Vulnerabilities

gcp

Wouter ter Maat discovered 9 vulnerabilities in GCP Cloudshell that could allow an attacker to access resources in another customer's environment.

Wouter ter Maat, Offensi
medium

GCP Cloudshell XSS and CSRF bugs

gcp

GCP Cloudshell has been affected by various XSS and CSRF vulnerabilities stemming from different root causes related to authentication handling, markdown editing, file uploading and more. Explotiat...

Obmi
medium

Google Cloud Platform VRP Prize Writeup

gcp

A vulnerability was discovered in Google Cloud Platform's AI Hub service, allowing unrestricted file uploads. This could potentially lead to bypassing Same-Origin Policy by uploading SWF files, ena...

Missoum Said
View all