wiz-sec / open-cvdb

An open project to list all publicly known cloud vulnerabilities and CSP security issues
https://cloudvulndb.org
Creative Commons Attribution 4.0 International

[Contribution] Google OAuth vulnerability that allows employees to retain indefinite access to applications #267

Open yawn opened 8 months ago

yawn commented 8 months ago

Caveat 1: not my vulnerability and no association with the reporter.

Caveat 2: not 100% sure if Google Workspace is also covered by the open-cvdb. This seems like a hybrid due to OIDC credentials being part of GCP but it's really just Workspace related.

Summary (give a brief description of the issue)

[A] Google OAuth vulnerability that allows employees at companies to retain indefinite access to applications like Slack and Zoom, after they’re off-boarded and removed from their company’s Google organization.

References (provide links to blogposts, etc.)

https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/
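Added example (not part of this issue, the open-cvdb project, or the Truffle Security write-up): the defender-side control the reported issue calls for is an offboarding step that enumerates and revokes a departing user's third-party OAuth grants before the account is removed, rather than relying on removal from the Google organization to end access. The script below assumes the Google Admin SDK Directory API `users.tokens` resource as I know it (`GET .../users/{userKey}/tokens` returning `items` with `clientId`, `displayText` and `scopes`; `DELETE .../users/{userKey}/tokens/{clientId}` to revoke). The HTTP layer is injected as two callables so the code runs offline against a constructed sample response; `alice@example.com` and the client IDs are made up for the example.

```python
"""Offboarding check: list and revoke a departing user's third-party OAuth grants.

Added example, not code from the open-cvdb issue or the linked blog post.
Assumed API shape (Google Admin SDK Directory API, tokens resource):
  GET    {ADMIN_API}/users/{userKey}/tokens            -> {"items": [token, ...]}
  DELETE {ADMIN_API}/users/{userKey}/tokens/{clientId} -> revokes that grant
The transport is injected so the module runs offline; see make_fake_transport().
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Sequence, Tuple

ADMIN_API = "https://admin.googleapis.com/admin/directory/v1"

# Scopes that mark a "Sign in with Google" grant: the app has been handed an
# identity and may have minted its own long-lived session from it. This is the
# class of grant the issue is about (Slack, Zoom, ...), so the report calls it out.
SIGN_IN_SCOPES = {"openid", "email", "profile"}

# Constructed sample of a tokens.list response for one user (values are made up).
SAMPLE_TOKENS_RESPONSE = {
    "kind": "admin#directory#tokenList",
    "items": [
        {"clientId": "111111111111-slack.apps.googleusercontent.com", "displayText": "Slack",
         "scopes": ["openid", "email", "profile"], "userKey": "alice@example.com"},
        {"clientId": "222222222222-zoom.apps.googleusercontent.com", "displayText": "Zoom",
         "scopes": ["openid", "https://www.googleapis.com/auth/calendar.events"],
         "userKey": "alice@example.com"},
        {"clientId": "333333333333-backup.apps.googleusercontent.com", "displayText": "Drive Backup Tool",
         "scopes": ["https://www.googleapis.com/auth/drive.readonly"], "userKey": "alice@example.com"},
    ],
}


@dataclass(frozen=True)
class Grant:
    user_key: str
    client_id: str
    display_text: str
    scopes: Sequence[str]

    @property
    def is_sign_in(self) -> bool:
        return any(scope in SIGN_IN_SCOPES for scope in self.scopes)


def list_grants(user_key: str, http_get: Callable[[str], Dict]) -> List[Grant]:
    """Fetch tokens.list for one user and normalise each item into a Grant."""
    body = http_get(f"{ADMIN_API}/users/{user_key}/tokens")
    return [
        Grant(user_key=item.get("userKey", user_key),
              client_id=item["clientId"],
              display_text=item.get("displayText", item["clientId"]),
              scopes=tuple(item.get("scopes", ())))
        for item in body.get("items", [])
    ]


def revoke_url(grant: Grant) -> str:
    return f"{ADMIN_API}/users/{grant.user_key}/tokens/{grant.client_id}"


def offboard_oauth_grants(user_key: str,
                          http_get: Callable[[str], Dict],
                          http_delete: Callable[[str], None]) -> Dict:
    """Revoke every third-party grant for user_key; surface failures, never skip them.

    Caveat: revoking the grant at Google stops Google from issuing further tokens
    to that client. It does not end a session the downstream app already holds;
    that has to be terminated through the app's own admin controls.
    """
    report: Dict = {"user": user_key, "revoked": [], "failed": [], "sign_in_apps": []}
    for grant in list_grants(user_key, http_get):
        if grant.is_sign_in:
            report["sign_in_apps"].append(grant.display_text)
        try:
            http_delete(revoke_url(grant))
            report["revoked"].append(grant.client_id)
        except Exception as exc:  # a failed revoke is an open finding for the offboarding ticket
            report["failed"].append((grant.client_id, str(exc)))
    return report


def make_fake_transport(fail_client: str = "") -> Tuple[Callable, Callable, List[str]]:
    """Offline stand-in for an authorised HTTP session; records every DELETE URL.

    fail_client simulates a revoke that the API rejects, to exercise the failure path.
    """
    deleted: List[str] = []

    def fake_get(url: str) -> Dict:
        assert url.endswith("/users/alice@example.com/tokens"), url
        return SAMPLE_TOKENS_RESPONSE

    def fake_delete(url: str) -> None:
        if fail_client and url.endswith("/" + fail_client):
            raise RuntimeError("HTTP 403 insufficient permission")
        deleted.append(url)

    return fake_get, fake_delete, deleted


if __name__ == "__main__":
    get, delete, log = make_fake_transport()
    result = offboard_oauth_grants("alice@example.com", get, delete)
    print(f"revoked {len(result['revoked'])} grants; sign-in apps: {result['sign_in_apps']}")
    for client_id, reason in result["failed"]:
        print(f"MANUAL FOLLOW-UP: could not revoke {client_id}: {reason}")
```

Against a live tenant, `http_get` and `http_delete` would wrap an authorised session (to my understanding the tokens methods need the `admin.directory.user.security` scope; verify against the current API reference before relying on it). The `sign_in_apps` list is the part worth handing to whoever owns those applications, since the Google-side revoke alone does not end sessions the app already established.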