Six payouts have been awarded for vulnerabilities discovered in Theia, Vertex AI, Compute Engine, and Cloud Workstations.
Security vulnerabilities found in four Google Cloud Platform (GCP) projects have resulted in over $22,000 in bug bounties for a team of researchers.
The most profitable venture for the hacker duo Sreeram KL and Sivanesh Ashok was Vertex AI, a platform for machine learning training and deployment, which earned them two separate payouts of $5,000 each for a server-side request forgery (SSRF) vulnerability and its subsequent bypass.
Sreeram documented this vulnerability in a blog entry, highlighting that the issue was located in Vertex AI’s workbench feature, which facilitates the creation of Jupyter notebook-based development environments in the cloud.
By exploiting the SSRF vulnerability and tricking users into clicking on a malicious hyperlink, attackers could potentially hijack an authorization token, thereby gaining access to all of the victim’s GCP projects.
SSRF Vulnerability Overview
Sreeram explained that when they discovered a promising URL for SSRF, “the response to the original URL request appeared to mimic an authenticated request directed at compute.googleapis.com.” He noted, “Previous experience showed that these endpoints utilize the authorization header for credentials.”
They uncovered a URL – https://{INSTANCE-ID}-dot-us-central1.notebooks.googleusercontent.com/aipn/v2/proxy/{attacker.com}/compute.googleapis.com/ – that bypassed this verification, Sreeram pointed out. “Additionally, the vulnerable endpoint was a request lacking CSRF protection, a common oversight,” he stated.
Finding attack targets was made easier as a victim’s subdomain can be easily identified through leaks to multiple third-party domains, including github.com, “via referers in the standard application flow.”
Google addressed this issue by implementing CSRF protection on the endpoints and enhancing domain validation processes.
Bypass of the Patch
Despite the fix deployment, Sreeram and Ashok noticed that altering compute.googleapis.com to something.google.com no longer triggered an error as it had in the past.
To circumvent the patch, they concluded they would need an open redirect on a *.google.com host.
JavaScript-based redirections were off the table, because the server-side fetch did not execute JavaScript, so they turned to Google’s feed management service, FeedBurner. They realized that once the user deactivated the proxy, the service would redirect requests for the feed URL back to their own domain instead of proxying the RSS feed.
Their exploit concluded with a CSRF bypass employing a technique devised in 2020 by ‘@s1r1us’ targeting Jupyter Lab.
The second patch effort involved terminating support for *.google.com as a proxy URL.
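The two weaknesses described above (a proxy path that passed because an allowed hostname appeared somewhere in it, and a suffix allowlist that any *.google.com redirector could satisfy) are both host-validation failures. The following is an added example, not code from the researchers or from Google, showing the weak checks beside a strict validator that parses the target as a URL, requires an exact host match, and re-validates every hop of a redirect chain. The proxy path layout, the `attacker.example` host and the redirect map are constructed for the example.

```python
"""Proxy target validation: weak checks beside a strict one (added example)."""
from urllib.parse import urlsplit

# Assumed exact-match allowlist for a server-side proxy (constructed).
ALLOWED_HOSTS = frozenset({"compute.googleapis.com"})


def target_from_proxy_path(path: str) -> str:
    """Turn '/aipn/v2/proxy/{host}/{rest}' into the URL the proxy would fetch.
    The path layout is an assumption modelled on the write-up."""
    prefix = "/aipn/v2/proxy/"
    if not path.startswith(prefix):
        raise ValueError("not a proxy path")
    host, _, rest = path[len(prefix):].partition("/")
    return f"https://{host}/{rest}"


def weak_target_check(path: str) -> bool:
    """Weak: passes if an allowed host appears *anywhere* in the path, so
    '/aipn/v2/proxy/attacker.example/compute.googleapis.com/' is accepted even
    though the proxy connects to attacker.example."""
    return any(h in path for h in ALLOWED_HOSTS)


def suffix_check(host: str) -> bool:
    """Still weak: a suffix allowlist lets any host under *.google.com act as
    a redirector for the proxy."""
    return host in ALLOWED_HOSTS or host.endswith(".google.com")


def strict_target_check(target: str) -> bool:
    """Strict: parse the target as a URL, require https, an exact-match host,
    and no userinfo or explicit port."""
    parts = urlsplit(target)
    if parts.scheme != "https":
        return False
    if parts.username or parts.password or parts.port is not None:
        return False
    return parts.hostname in ALLOWED_HOSTS


def follow_with_validation(start: str, redirects: dict, max_hops: int = 5):
    """Simulate the proxy following redirects while re-checking each hop.
    `redirects` maps a URL to the Location header it would return (constructed
    stand-in for real responses). Returns (allowed, chain_of_urls)."""
    chain = [start]
    url = start
    for _ in range(max_hops):
        if not strict_target_check(url):
            return False, chain          # an off-allowlist hop aborts the fetch
        nxt = redirects.get(url)
        if nxt is None:
            return True, chain           # final destination, every hop validated
        url = nxt
        chain.append(url)
    return False, chain                  # too many redirects: refuse


if __name__ == "__main__":
    path = "/aipn/v2/proxy/attacker.example/compute.googleapis.com/"
    print("weak check accepts:", weak_target_check(path))
    print("strict check accepts:", strict_target_check(target_from_proxy_path(path)))
    # Constructed redirect map: an allowed URL that bounces to an outside host.
    hops = {"https://compute.googleapis.com/feed": "https://attacker.example/"}
    print(follow_with_validation("https://compute.googleapis.com/feed", hops))
```

The design point is that validation must apply to the host the proxy actually connects to, after URL parsing, and must be repeated on every redirect hop; a substring or suffix match on the request path checks neither.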
“In researching this issue, we gained valuable insights into the functionality of managed GCP products, which also led us to discover additional vulnerabilities within GCP,” Sreeram remarked to The Daily Swig.
Discovery of Bugs in Theia, Compute Engine, and Workstations
This included further exploitation of the workbench feature in Theia, the integrated development environment (IDE) that Google uses in Cloud Shell, as elaborated in a separate blog post by Sreeram.
The duo exploited a known XSS vulnerability (CVE-2021-41038) which allowed them to commandeer an entire project by fetching the service account token from the metadata server. This finding earned them an additional bounty of $3,133.70.
They also discovered an SSH key injection vulnerability in Google Cloud’s Compute Engine, generating a payout of $5,000 along with a $1,000 bonus. This vulnerability, located in the SSH-in-browser feature, had the potential to lead to remote code execution (RCE) within a victim’s Compute Engine instance.
Moreover, Ashok outlined an authorization bypass in Cloud Workstations, yielding a reward of $3,133.70. This service provides fully managed development environments for enterprises that prioritize security. Details about this finding were shared in another blog post.
Overall, the researchers received a total of $22,267 from six separate bug bounty payouts.
The Daily Swig has requested comments from Google regarding these vulnerabilities and will provide updates if available.
Based on an article from portswigger.net: https://portswigger.net/daily-swig/google-pays-hacker-duo-22k-in-bug-bounties-for-flaws-in-multiple-cloud-projects