Commit
- Loading branch information
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| title: Bugs in GCP Cloudshell | ||
|
Check failure on line 1 in vulnerabilities/gcp-cloudshell-bugs.yaml
|
||
| slug: gcp-cloudshell-bugs | ||
|
Check failure on line 2 in vulnerabilities/gcp-cloudshell-bugs.yaml
|
||
| cves: null | ||
| affectedPlatforms: | ||
| - GCP | ||
| affectedServices: | ||
| - GCP Cloudshell | ||
|
Check failure on line 7 in vulnerabilities/gcp-cloudshell-bugs.yaml
|
||
| image: amitai | ||
|
Check failure on line 8 in vulnerabilities/gcp-cloudshell-bugs.yaml
|
||
| severity: Medium | ||
| discoveredBy: | ||
| name: Obmi | ||
|
Check failure on line 11 in vulnerabilities/gcp-cloudshell-bugs.yaml
|
||
| org: null | ||
| domain: https://obmiblog.blogspot.com/ | ||
|
Check failure on line 13 in vulnerabilities/gcp-cloudshell-bugs.yaml
|
||
| twitter: null | ||
| publishedAt: 2022/12/26 | ||
| disclosedAt: null | ||
| exploitabilityPeriod: null | ||
| knownITWExploitation: false | ||
| summary: | | ||
| Three flaws in GCP Cloudshell: The first is an XSS vulnerability through the `uri` parameter in the file uploading feature. The second is CSRF | ||
| in file uploading, and the third is stored XSS in the Markdown Viewer as well as OAuth token hijacking. | ||
| manualRemediation: | | ||
| null | ||
| detectionMethods: null | ||
| contributor: https://github.com/mer-b | ||
| references: | ||
| - https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html | ||
| - https://security.googleblog.com/2023/06/google-cloud-awards-313337-in-2022-vrp.html | ||
|
Check failure on line 28 in vulnerabilities/gcp-cloudshell-bugs.yaml
|
||
3ba21dcThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@check-spelling-bot Report
🔴 Please review
See the 📜action log for details.
Unrecognized words (8)
amitai
blogspot
cloudshell
gcp
googleblog
Obmi
obmiblog
vrp
To accept ✔️ these unrecognized words as correct and remove the previously acknowledged and now absent words, run the following commands
... in a clone of the git@github.com:wiz-sec/open-cvdb.git repository
on the
187-contribution-add-multiple-bugs-in-gcp-cloud-shellbranch (ℹ️ how do I use this?):If the flagged items are false positives
If items relate to a ...
binary file (or some other file you wouldn't want to check at all).
Please add a file path to the
excludes.txtfile matching the containing file.File paths are Perl 5 Regular Expressions - you can test yours before committing to verify it will match your files.
^refers to the file's path from the root of the repository, so^README\.md$would exclude README.md (on whichever branch you're using).well-formed pattern.
If you can write a pattern that would match it,
try adding it to the
patterns.txtfile.Patterns are Perl 5 Regular Expressions - you can test yours before committing to verify it will match your lines.
Note that patterns can't match multiline strings.