Summary (give a brief description of the issue)
Researcher found a way to disclose any user email address via CORS misconfiguration in IAP by opening a malicious domain, and implemented two different attack scenarios to read the email address of an authenticated or unauthenticated user.
References (provide links to blogposts, etc.)
https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed