Back to directory
WRITEUP #942

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack

CloudPrivilege escalation
by@roinisimi(Roi Nisimi)
Program
Google
Published
Jul 18, 2023
Added to HackDex
Jul 24, 2023
Read Full Writeuphttps://orca.security/resources/blog/bad-build-google-cloud-build-potential-supply-chain-attack-vulnerability/
RELATED WRITEUPS
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
CloudOIDC
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD
CloudPrivilege escalation
UnOAuthorized: Privilege Elevation Through Microsoft Applications
CloudPrivilege escalation
Escalating Privileges in Google Cloud via Open Groups
CloudPrivilege escalation
ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions
CloudPrivilege escalation

Built with ❤️ by Shubham Rawat