Google rewards $100,000 in bug bounty prize!

Google has awarded a 100,000 dollar Google Cloud Platform (GCP) prize to Dutch researcher Wouter ter Maat for vulnerabilities found in the Google Cloud Shell. Ter Maat received 100 thousand dollars, Google's very first annual Cloud Platform bug-bounty prize, by finding a clever container escape while searching for bugs.

Google also announced that it will be increasing the payouts for annual Google Cloud Platform prizes in its Vulnerability Reward Programme (VRP). It will offer prizes to the top six vulnerability reports in GCP products submitted in 2020, with a cash prize of up to 313,337 dollars. First place will win 313,337 dollars and sixth place will receive a thousand dollars. To be eligible, bug hunters will have to submit a public write-up with a word limit of 31,337 words.

The Bug

Google Cloud Shell is an interactive shell environment for Google Cloud Platform. It is a Linux system with a browser-based front end that allows administrators to use various resources in the Google Cloud Platform.

Ter Maat noticed several issues in the Cloud Shell: the way it interacts with resources, and authentication problems.

“When the Cloud Shell instance is done starting a terminal window is presented to the user,” ter Maat wrote in his write-up published in December. “Noteworthy is the fact that the gcloud client is already authenticated. If an attacker is able to compromise your Cloud Shell, it can access all your GCP resources.”

The researcher could connect to resources after launching the Cloud Shell, and, as very few processes were running, he was able to enter a container, escape it and access the ..
