VDB

GCVE-110-CLOUD-2019-0011

GCVE-110-CLOUD-2019-0011
Advisory Published
Vulnetix · Advisory published January 20, 2019
A GCP Organizations name could be changed through the (deprecated) organizations.update method in the Resource Manager, even though the documentation said the "displayName" was read-only. With this, I could have my own organization and name it as another one and confuse users: - Rename an organization "<IMPORTANT-COMPANY>.com" - Share it with "domain:<IMPORTANT-COMPANY>.com" (Effectively sharing it with every Google user with a @<IMPORTANT-COMPANY>.com account) - Profit from unsuspecting users creating resources in my organization, specially billing accounts or building projects that manage sensible information.

Affected Products

VendorProductVersionsPlatforms
GCPCloud Services
GCPGCP Organizations

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›