31k$ SSRF in Google Cloud Monitoring led to metadata exposure

Update 25.01.2021: Added the Google engineers' exploit method for getting an access token.

Google Cloud Monitoring (formerly called Stackdriver) is a service that provides monitoring for cloud resources (VM instances, App Engine, Cloud Functions, ...). It is available from the Google Cloud Console and offers monitoring, alerting, uptime checks of cloud resources, and much more. It is important to note that the Google Cloud Monitoring service itself runs on Google Cloud virtual machines.

Every virtual machine in Google Cloud stores its metadata on the metadata server. This metadata includes the project ID, service account information, information about the virtual machine, and public SSH keys. The metadata can be queried from within the instance (from the IP address 169.254.169.254) or from the Compute Engine API.

One of the services that Google Cloud Monitoring offers is Uptime checks. An Uptime check is a service that periodically sends requests to a r
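The defensive side of the issue described above, as an added example that is not code from the original post or from Google: a target validator that a service issuing outbound requests on a user's behalf (such as an uptime check) could apply before connecting, so that a user-supplied URL can never reach the metadata server at 169.254.169.254 or any other internal address. The function name, the blocklist and the injectable `resolver` parameter are this example's own assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hostnames and address ranges an outbound check must never reach: the GCE
# metadata server (169.254.169.254, also reachable as metadata.google.internal)
# plus the loopback, link-local and private ranges around it.
BLOCKED_HOSTNAMES = {"metadata.google.internal", "metadata", "localhost"}
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "169.254.0.0/16",   # link-local; contains the metadata server
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "0.0.0.0/8", "::1/128", "fe80::/10", "fc00::/7",
)]


def default_resolver(host):
    """Return every address the request could actually connect to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_safe_target(url, resolver=default_resolver):
    """Return (ok, reason); ok is False if the URL could reach an internal address."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname  # lower-cased, brackets stripped for IPv6 literals
    if not host:
        return False, "no host"
    if host in BLOCKED_HOSTNAMES:
        return False, "blocked hostname"
    try:
        addrs = {ipaddress.ip_address(host)}        # literal IP in the URL
    except ValueError:
        try:                                         # hostname: check what it resolves to
            addrs = {ipaddress.ip_address(a) for a in resolver(host)}
        except (socket.gaierror, ValueError):
            return False, "unresolvable host"
    for addr in addrs:
        # Unwrap IPv4-mapped IPv6 (e.g. ::ffff:169.254.169.254) before range checks.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        if any(addr in net for net in BLOCKED_NETWORKS):
            return False, f"resolves to internal address {addr}"
    return True, "ok"
```

The check validates the address the name resolves to at check time; a host whose DNS answer changes between this check and the actual connection (DNS rebinding) still needs the connection itself to be pinned to the validated address, or the check repeated at connect time.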