Remote Command Execution in Google Cloud with Single Directory Deletion

Introduction Hello, I’m RyotaK (@ryotkak ), a security engineer at GMO Flatt Security Inc. A while ago, I participated in the Google Cloud VRP bugSWAT, a live hacking event organized by Google. During this event, I discovered a remote command execution vulnerability in one of Google Cloud’s services. As the vulnerability has now been fixed, I would like to share the technical details in this article. TL;DR Google Cloud has a product called Looker, and this product has a feature to manage Git repositories.