Caveat 1: not my vulnerability and no association with the reporter.
Caveat 2: not 100% sure if Google Workspaces is also covered by the open-cvdb. This seems like a hybrid due to OIDC credentials being part of GCP but it's really just Workspaces related.
Summary (give a brief description of the issue)
[A] Google OAuth vulnerability that allows employees at companies to retain indefinite access to applications like Slack and Zoom, after they’re off-boarded and removed from their company’s Google organization.
References (provide links to blogposts, etc.)
https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/