VDB
GCVE-110-CLOUD-2020-0011
GCVE-110-CLOUD-2020-0011
Advisory Published
A vulnerability in Google Cloud Shell allowed escalation from XSS to full instance takeover as root. The attack exploited an XSS in the markdown preview functionality to read sensitive files, obtain the instance's private key and hostname, and gain SSH access as root. The issue affected the Eclipse Theia-based editor used in Cloud Shell.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GCP | Cloud Shell | — | — |
| GCP | Cloud Services | — | — |
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.