SADA reports severe vulnerability in Google Cloud Platform's asset inventory API

Security experts at SADA recently discovered a significant vulnerability in the Google Cloud Platform that had the potential to allow hackers to steal the private keys of Google Cloud Service Accounts. This flaw was located in the Cloud Asset Inventory API of the Google Cloud Platform and affected all users who had enabled this API and had cloudasset.assets.searchAllResources permissions. This means that many customers who utilized this service may have had their sensitive information compromised.

Fortunately, SADA notified Google about the vulnerability through their Bug Hunters bounty program. Google was quick to respond, reproducing the error to confirm its existence before immediately patching the flaw. Although Google addressed the issue promptly, SADA warns that customers may have still been affected by the vulnerability.

In light of this situation, SADA commends Google Cloud for its swift response and thorough investigation into the vulnerability. They emphasized the importance of constant vigilance when it comes to security as more customers move their operations to the cloud. You can find the full SADA report at the end of this article, in the Read More section.