VDB
GCVE-110-CLOUD-2024-0030
GCVE-110-CLOUD-2024-0030
Advisory Published
Cloud Audit Logs do not capture actions mediated through the cloud console private API
service (cloudconsole-pa). Consequently, there is no logging of HMAC key creation or deletion
linked to user accounts. This absence of logs hampers defenders' ability to alert or monitor
the creation of HMAC keys for user accounts, posing a persistence risk, or their deletion,
presenting a denial of service risk.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GCP | Cloud Services | — | — |
| GCP | Google Cloud Storage XML API, Cloud Console Private API Service | — | — |
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.