VDB

GCVE-110-CLOUD-2020-0011

GCVE-110-CLOUD-2020-0011
Advisory Published
Vulnetix · Advisory published October 1, 2020
A vulnerability in Google Cloud Shell allowed escalation from XSS to full instance takeover as root. The attack exploited an XSS in the markdown preview functionality to read sensitive files, obtain the instance's private key and hostname, and gain SSH access as root. The issue affected the Eclipse Theia-based editor used in Cloud Shell.

Affected Products

VendorProductVersionsPlatforms
GCPCloud Shell
GCPCloud Services

References

advisory

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›