VDB
GCVE-110-CLOUD-2021-0001
GCVE-110-CLOUD-2021-0001
Advisory Published
A vulnerability in Google Cloud Platform's Identity-Aware Proxy (IAP) allowed attackers to bypass authentication and access IAP-secured web applications. The exploit involved creating a malicious IAP-secured app using the target's OAuth client ID, configuring query parameter-based routing to capture redirect tokens, and using these tokens to hijack authorized sessions.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GCP | Dataflow | — | — |
| GCP | Compute Engine | — | — |
| AWS | Cloud Services | — | — |
| AWS | SageMaker Jupyter Notebook | — | — |
| AWS | SageMaker | — | — |
| GCP | Cloud Services | — | — |
| GCP | Identity-Aware Proxy | — | — |
References
Browse GCVE Records
73,280 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.