VDB

GCVE-110-CLOUD-2023-0038

GCVE-110-CLOUD-2023-0038
Advisory Published
Vulnetix · Advisory published April 21, 2023
Google users can find and install third-party OAuth applications from Google Marketplace that are integrated with Google Workspace. Each OAuth application client in Google is associated with a GCP project. A bug in the way a GCP project enters a "pending deletion" state when deleted, could have allowed threat actors to make a malicious application invisible and unremovable from the user's account. If an attacker had managed to install an application in an account (e.g., through a phishing attack), they could have exploited this vulnerability to hide their activity from the target user. Depending on the permissions of the malicious application, the attacker could have silently gained access to sensitive information such as private Gmail correspondences, personal files and planned events within the the victim's google account, as well as any GCP resources the user had access to.

Affected Products

VendorProductVersionsPlatforms
GCPCloud Services

References

GhostToken
advisory
advisory

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›