VDB
GCVE-110-CLOUD-2024-0017
GCVE-110-CLOUD-2024-0017
Advisory Published
The Document AI service unintentionally allows users to read any Cloud Storage object in the same project, in a way that isn't properly documented.
The Document AI service agent is auto-assigned with excessive permissions, allowing it to access all objects from Cloud Storage buckets in the same project.
Malicious actors can exploit this to exfiltrate data from Cloud Storage by indirectly leveraging the service agent's permissions.
This vulnerability is an instance of transitive access abuse, a class of security flaw where unauthorized access is gained indirectly
through a trusted intermediary.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GCP | Document AI, Cloud Storage | — | — |
| Azure | Storage | — | — |
Browse GCVE Records
73,393 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.