Google Cloud Document AI flaw (still) allows data theft
Briefly

"Attackers are as sophisticated as they need to be," Traxler told The Register, when asked about the likelihood of the issue being abused in real-world attacks. "If an environment is immature, with broad access to data commonly and easily found, leveraging this flaw in Document AI is unnecessary. However, in hardened environments that adhere more strictly to least privilege, leveraging the Document AI service to exfiltrate data would both align with an attacker's motivation..."
The whole vulnerability reporting process was a bit of a mess. Traxler reported the flaw in early April, but Google initially determined that the documentation was 'insufficient' to pay a bounty for the find. Google later changed course, awarded the bug hunter $3133.70 for her report, and marked the status as 'fixed,' while Traxler contends it's still a problem.
According to threat detection and response company Vectra AI and its principal security researcher Kat Traxler, Google has yet to fix the misconfiguration despite eventually paying a bug bounty for the find, meaning that this attack vector is still wide open.
Traxler detailed this attack in research published Monday alongside a proof-of-concept (POC) demonstrating how she bypassed Document AI's access controls, swiped a PDF from a source Google Cloud Storage bucket, altered the file and then returned it.
Read at The Register