VDB

GCVE-110-CLOUD-2024-0030

GCVE-110-CLOUD-2024-0030
Advisory Published
Vulnetix · Advisory published June 17, 2024
Cloud Audit Logs do not capture actions mediated through the cloud console private API service (cloudconsole-pa). Consequently, there is no logging of HMAC key creation or deletion linked to user accounts. This absence of logs hampers defenders' ability to alert or monitor the creation of HMAC keys for user accounts, posing a persistence risk, or their deletion, presenting a denial of service risk.

Affected Products

VendorProductVersionsPlatforms
GCPCloud Services
GCPGoogle Cloud Storage XML API, Cloud Console Private API Service

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›