VDB

GCVE-110-CLOUD-2023-0065

GCVE-110-CLOUD-2023-0065
Advisory Published
Vulnetix · Advisory published January 6, 2023
A CORS misconfiguration in Google Cloud's Identity-Aware Proxy (IAP) could have allowed attackers to disclose the email address of an authenticated user in websites protected by IAP, by convincing the user to connect to an attacker-controlled domain. This vulnerability enabled attackers to exploit CORS settings to access sensitive email information of both authenticated and unauthenticated users (with the latter requiring additional social engineering).

Affected Products

VendorProductVersionsPlatforms
GCPIdentity-Aware Proxy (IAP)
GCPCloud Services

Browse GCVE Records

73,442 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›