Report #32468

Report Date
June 22, 2024
Status
Closed
Payout

Exposed Google Cloud Service Account Private Key

Report Info

Report ID

#32468

Report type

Websites and Applications

Has PoC?

Yes

Target

https://github.com/BeanstalkFarms/Beanstalk-Analytics/commit/fedefc69a6cc650988da472dd8bf2172d1efe20a#diff-056eea0a71455efcf9708b7ff52a6a7f5b34fe139a99f08c15a9096e39c623c5R1-R12 (Out of scope)

Impacts

Taking state-modifying authenticated actions (with or without blockchain state interaction) on behalf of other users without any interaction by that user, such as voting in governance

Description

During a security assessment, it was discovered that the private key associated with the Google Cloud service account bean-analytics-data-writer@tbiq-beanstalk-analytics.iam.gserviceaccount.com from project tbiq-beanstalk-analytics was exposed publicly. This exposure poses a severe security risk as it allows unauthorized access to resources controlled by this service account.

Vulnerability Details

The private key associated with the service account has been exposed in a public context, potentially accessible to anyone who can access the location where it was found. This key (private_key) is sensitive information that should never be shared or exposed publicly. The exposure of this key allows an attacker to potentially impersonate the service account and access resources or perform actions on behalf of the compromised account.

Impact Details

The exposure of the service account's private key has the potential to compromise the confidentiality, integrity, and availability of data and services hosted on Google Cloud Platform under the affected project.

Proof of concept

1. Visit https://github.com/BeanstalkFarms/Beanstalk-Analytics/commit/fedefc69a6cc650988da472dd8bf2172d1efe20a#diff-056eea0a71455efcf9708b7ff52a6a7f5b34fe139a99f08c15a9096e39c623c5R1-R12
2. You will see the exposed key.

Immunefi Response

Immunefi has reviewed this vulnerability report and decided to close it, since it is out of scope for the Beanstalk bug bounty program.
  • claimed impact by the whitehat is in scope for the bug bounty program
  • claimed asset by the whitehat is not in scope for the bug bounty program
  • PoC has been submitted to the project
  • claimed severity is in scope for the bug bounty program

The project will now be automatically subscribed and receive a report of the closed submission and can evaluate if they are interested in re-opening it. However, note that they are not under any obligation to do so.
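
A defender-side check for the kind of exposure this report describes, added here as an example (not part of the report or of the Beanstalk code): it flags Google Cloud service account key files in a set of files before they are committed, reporting the account and key ID without echoing key material. The function name, file paths and all sample values are constructed for illustration.

```python
import json
import re

PEM_RE = re.compile(r"-----BEGIN (?:RSA )?PRIVATE KEY-----")
EMAIL_RE = re.compile(r"[a-z0-9-]+@[a-z0-9-]+\.iam\.gserviceaccount\.com")
REQUIRED = {"type", "private_key", "client_email"}  # fields of a JSON key file

def find_service_account_keys(files):
    """Scan {path: text}; return findings that never include key material."""
    findings = []
    for path, text in files.items():
        try:
            doc = json.loads(text)
        except ValueError:
            doc = None
        if (isinstance(doc, dict) and REQUIRED.issubset(doc)
                and doc["type"] == "service_account"
                and PEM_RE.search(str(doc["private_key"]))):
            findings.append({"path": path, "confidence": "high",
                             "client_email": doc["client_email"],
                             "private_key_id": doc.get("private_key_id")})
        elif PEM_RE.search(text) and EMAIL_RE.search(text):
            # Key pasted into a non-JSON file (env file, YAML, source code).
            findings.append({"path": path, "confidence": "medium",
                             "client_email": EMAIL_RE.search(text).group(0),
                             "private_key_id": None})
    return findings

# Constructed sample inputs; the "key" is a placeholder, not real key material.
FAKE_PEM = "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"
EMAIL = "writer@example-project.iam.gserviceaccount.com"
SAMPLE_FILES = {
    "creds/key.json": json.dumps({
        "type": "service_account", "project_id": "example-project",
        "private_key_id": "0000constructed", "private_key": FAKE_PEM,
        "client_email": EMAIL}),
    ".env": f'GCP_EMAIL={EMAIL}\nGCP_KEY="{FAKE_PEM}"\n',
    "wif.json": json.dumps({"type": "external_account", "audience": "x"}),
    "README.md": f"Uploads run as {EMAIL}.",
}

if __name__ == "__main__":
    for f in find_service_account_keys(SAMPLE_FILES):
        print(f)
```

A finding on a commit that has already been pushed means the key should be treated as compromised: delete or disable it in IAM and issue a new one, because removing the file from the repository does not revoke the key.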