VDB

GCVE-110-CLOUD-2021-0001

GCVE-110-CLOUD-2021-0001
Advisory Published
Vulnetix · Advisory published December 30, 2021
A vulnerability in Google Cloud Platform's Identity-Aware Proxy (IAP) allowed attackers to bypass authentication and access IAP-secured web applications. The exploit involved creating a malicious IAP-secured app using the target's OAuth client ID, configuring query parameter-based routing to capture redirect tokens, and using these tokens to hijack authorized sessions.

Affected Products

VendorProductVersionsPlatforms
GCPDataflow
GCPCompute Engine
AWSCloud Services
AWSSageMaker Jupyter Notebook
AWSSageMaker
GCPCloud Services
GCPIdentity-Aware Proxy

Browse GCVE Records

73,280 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›