11 matches found
CVE-2026-3136
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...
CVE-2026-3136
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...
CVE-2026-3136 Google Cloud Build Comment Control Bypass
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...
CVE-2026-3136
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...
CVE-2026-3136 Google Cloud Build Comment Control Bypass
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...
CVE-2026-3136
CVE-2026-3136 describes an improper authorization vulnerability in GitHub Trigger Comment Control within Google Cloud Build. Affected component: Trigger Comment Control in Google Cloud Build (prior to 2026-01-26). Root cause: improper authorization allows a remote attacker to execute arbitrary co...
EUVD-2026-9302
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...
Google Cloud Build 安全漏洞
Google Cloud Build is a fully managed CI/CD platform provided by Google, Inc. Versions of Google Cloud Build prior to version 2026-1-26 contained security vulnerabilities. These vulnerabilities were due to improper authorization in the GitHub Trigger Comment Control mechanism, which could allow...
PT-2026-22755
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...
Google fixes "Bad.Build" Cloud Build flaw, researchers say it's not enough
Researchers at Orca Security have found a design flaw in the Google Cloud Build service. Attackers would have been able to gain Privilege Escalation resulting in unauthorized access to code repositories in Googles Artifact Registry. The researchers dubbed the vulnerability Bad.Build and say it...
Bad.Build Flaw in Google Cloud Build Raises Concerns of Privilege Escalation
Cybersecurity researchers have uncovered a privilege escalation vulnerability in Google Cloud that could enable malicious actors tamper with application images and infect users, leading to supply chain attacks. The issue, dubbed Bad.Build, is rooted in the Google Cloud Build service, according to...