11 matches found
CVE-2026-3136
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...
CVE-2026-3136
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...
CVE-2026-3136 Google Cloud Build Comment Control Bypass
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...
CVE-2026-3136
CVE-2026-3136 affects Google Cloud Build’s GitHub Trigger Comment Control prior to 2026-01-26. An improper authorization issue allowed a remote attacker to execute arbitrary code within the build environment. The vulnerability has a CVSS v4.0 base score of 8.6 (HIGH) with high impact on confident...
CVE-2026-3136 Google Cloud Build Comment Control Bypass
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...
EUVD-2026-9302
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...
CVE-2026-3136
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...
PT-2026-22755
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...
Google Cloud Build 安全漏洞
Google Cloud Build is a fully managed CI/CD platform provided by Google, Inc. Versions of Google Cloud Build prior to version 2026-1-26 contained security vulnerabilities. These vulnerabilities were due to improper authorization in the GitHub Trigger Comment Control mechanism, which could allow...
Google fixes "Bad.Build" Cloud Build flaw, researchers say it's not enough
Researchers at Orca Security have found a design flaw in the Google Cloud Build service. Attackers would have been able to gain Privilege Escalation resulting in unauthorized access to code repositories in Googles Artifact Registry. The researchers dubbed the vulnerability Bad.Build and say it...
Bad.Build Flaw in Google Cloud Build Raises Concerns of Privilege Escalation
Cybersecurity researchers have uncovered a privilege escalation vulnerability in Google Cloud that could enable malicious actors tamper with application images and infect users, leading to supply chain attacks. The issue, dubbed Bad.Build, is rooted in the Google Cloud Build service, according to...