VDB
GCVE-110-CLOUD-2023-0062
GCVE-110-CLOUD-2023-0062
Advisory Published
Several vulnerabilities were present in how Google Cloud Shell (ssh.cloud.google.com) handled OAuth credentials. These included an open-redirect vulnerability, where attackers could redirect users to malicious sites to capture their credentials,
and a validation bypass that allowed tokens to be submitted to user-defined URIs, circumventing normal security checks. Additionally, Google Cloud Workstations did not correctly tie the state parameter to the session that generated it,
which allowed valid state parameters to be reused across different sessions and users. Combined, these issues created a scenario where credentials to Google Cloud Workstations were susceptible to phishing attacks.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GCP | Cloud Workstations, Cloud Shell | — | — |
| GCP | Cloud Services | — | — |
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.