VDB

GCVE-110-CLOUD-2023-0008

GCVE-110-CLOUD-2023-0008
Advisory Published
Vulnetix · Advisory published November 30, 2023
Unit 42 researchers discovered a security risk in Google Workspace's domain-wide delegation feature that allows a GCP identity with necessary permissions to generate access tokens to impersonate Google Workspace users and access their data. This mismatch between GCP permissions and Google Workspace access could be exploited by malicious insiders or attackers with stolen credentials.

Affected Products

VendorProductVersionsPlatforms
GCPCloud Services
GCPGoogle Workspace

References

advisory
advisory
advisory

Browse GCVE Records

72,096 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›