medium

IAP CORS Misconfiguration Allows Email Disclosure

Published Fri, Jan 6th, 2023

Platforms

Summary

A CORS misconfiguration in Google Cloud's Identity-Aware Proxy (IAP) could have allowed attackers to disclose the email address of an authenticated user in websites protected by IAP, by convincing the user to connect to an attacker-controlled domain. This vulnerability enabled attackers to exploit CORS settings to access sensitive email information of both authenticated and unauthenticated users (with the latter requiring additional social engineering).

Affected Services

Identity-Aware Proxy (IAP)

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed

Contributed by https://github.com/mer-b

Entry Status

finalized

Disclosure Date

Tue, May 3rd, 2022

Exploitablity Period

Until July 2022

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Borna Nematzadeh

More vulnerabilities...

medium

ACSESSED

Azure Cognitive Search (ACS) is a full-text search engine service. A new non-default feature allowed for a network control to bypassed, permitting an attacker to submit search queries to any other ...

Emilien Socchi, mnemonic

Thu, Dec 22nd, 2022

medium

Azure Serverless Functions escape to host

In Azure Serverless Functions, a new container is generated by the host for every function, which is then terminated and deleted after several minutes. Palo Alto discovered that an API call was ava...

Aviv Sasson, Daniel Prizman...

Thu, Dec 15th, 2022

critical

ECR Public vulnerability in undocumented API

A vulnerability in Elastic Container Registry (ECR) Public could have allowed a malicious actor to delete, update, or create ECR Public images, layers, or tags in registries and repositories belong...

Gafnit Amiga, Lightspin

Tue, Dec 13th, 2022

View all