wiz-sec / open-cvdb

An open project to list all publicly known cloud vulnerabilities and CSP security issues
https://cloudvulndb.org
Creative Commons Attribution 4.0 International

[Contribution] Add multiple bugs in GCP Cloud Shell #187

Closed korniko98 closed 1 year ago

korniko98 commented 1 year ago

Summary (give a brief description of the issue)

Bugs in GCP Cloud Shell:

  1. XSS via uri parameter in file uploading feature
  2. CSRF File uploading
  3. Stored XSS in Markdown Viewer and oauth token hijacking

References (provide links to blogposts, etc.)

https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html
https://security.googleblog.com/2023/06/google-cloud-awards-313337-in-2022-vrp.html