VDB

GCVE-110-CLOUD-2023-0062

GCVE-110-CLOUD-2023-0062
Advisory Published
Vulnetix · Advisory published January 13, 2023
Several vulnerabilities were present in how Google Cloud Shell (ssh.cloud.google.com) handled OAuth credentials. These included an open-redirect vulnerability, where attackers could redirect users to malicious sites to capture their credentials, and a validation bypass that allowed tokens to be submitted to user-defined URIs, circumventing normal security checks. Additionally, Google Cloud Workstations did not correctly tie the state parameter to the session that generated it, which allowed valid state parameters to be reused across different sessions and users. Combined, these issues created a scenario where credentials to Google Cloud Workstations were susceptible to phishing attacks.

Affected Products

VendorProductVersionsPlatforms
GCPCloud Workstations, Cloud Shell
GCPCloud Services

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›