Kat Traxler

The Document AI service unintentionally allows users to read any Cloud Storage object in the same project, in a way that isn't properly documented.
The Document AI service agent is auto-assigned with excessive permissions, allowing it to access all objects from Cloud Storage buckets in the same project.
Malicious actors can exploit this to exfiltrate data from Cloud Storage by indirectly leveraging the service agent's permissions.
This vulnerability is an instance of transitive access abuse, a class of security flaw where unauthorized access is gained indirectly
through a trusted intermediary.


Document AI data exfiltration

Liv Matan

Google Cloud Composer is a managed service for Apache Airflow. Tenable discovered that the Cloud Composer package was vulnerable to dependency confusion, which could have allowed attackers to
inject malicious code when the package was compiled from source. This could have led to remote code execution on machines running Cloud Composer, which include various other GCP services as
well as internal servers at Google. The dependency confusion stemmed from Google's risky recommendation in their documentation to use the --extra-index-url argument when installing private
Python packages. Following disclosure, Google fixed the dependency confusion vulnerability and also updated their documentation.


Missing JWT issuer and signer validation in ALB middleware

Summary

Affected Services

Tracked CVEs

References

More vulnerabilities...

Document AI data exfiltration

Kat Traxler, Vectra AI

CloudImposer

Liv Matan, Tenable

Copilot Studio information disclosure via SSRF

Tenable