VDB
GCVE-110-CLOUD-2023-0038
GCVE-110-CLOUD-2023-0038
Advisory Published
Google users can find and install third-party OAuth applications from Google Marketplace that are integrated with Google Workspace.
Each OAuth application client in Google is associated with a GCP project. A bug in the way a GCP project enters a "pending deletion"
state when deleted, could have allowed threat actors to make a malicious application invisible and unremovable from the user's account.
If an attacker had managed to install an application in an account (e.g., through a phishing attack), they could have exploited this
vulnerability to hide their activity from the target user. Depending on the permissions of the malicious application, the attacker
could have silently gained access to sensitive information such as private Gmail correspondences, personal files and planned events
within the the victim's google account, as well as any GCP resources the user had access to.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GCP | Cloud Services | — | — |
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.