Google Storage Bucket Takeover: bucket "" referenced in the GitHub repository wardviaene/kubernetes-course


Reported on

May 8th 2022


wardviaene maintains an open-source project, kubernetes-course. The project's README contains installation instructions for Helm that suggest downloading the Helm binary from a Google Cloud Storage bucket which was not registered on GCP. Because the bucket name was unclaimed, I was able to take over the bucket for a PoC.

Proof of Concept

curl -s | base64 --decode


An attacker can take over the bucket and host malicious Helm binaries on it. Anyone following the project's instructions would then download the malicious binary, which could lead to RCE on their host machine.


Go to

Search for kubernetes-helm

You will see the bucket being used in the setup instructions

Try accessing the bucket using this URL

You will see a base64 string; decode it and you will see the takeover message
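The root cause above is a dangling reference: install docs point at a bucket name nobody owns, so whoever registers it controls what users download. The following is an added example (not code from the report or from the kubernetes-course project) showing how a maintainer can audit documentation for storage.googleapis.com URLs, classify each referenced bucket as existing or unclaimed from the GCS response, and verify a downloaded binary against a pinned SHA-256 before installing it. The bucket names and the README text are constructed placeholders, and the live probe is injectable so the audit can run offline against constructed responses.

```python
import hashlib
import re
import urllib.error
import urllib.request

# Matches the bucket name in the two common GCS URL forms:
#   https://storage.googleapis.com/<bucket>/...   and   https://<bucket>.storage.googleapis.com/...
_GCS_URL = re.compile(
    r"https?://(?:storage\.googleapis\.com/(?P<path>[a-z0-9][a-z0-9._-]{1,61}[a-z0-9])"
    r"|(?P<host>[a-z0-9][a-z0-9._-]{1,61}[a-z0-9])\.storage\.googleapis\.com)",
    re.IGNORECASE,
)


def find_gcs_buckets(text):
    """Return the distinct bucket names referenced by GCS URLs in text, in order of first appearance."""
    found = []
    for m in _GCS_URL.finditer(text):
        name = (m.group("path") or m.group("host")).lower()
        if name not in found:
            found.append(name)
    return found


def classify_bucket_response(status, body):
    """Interpret the GCS XML API's answer for a bucket URL.

    An unregistered bucket is answered with HTTP 404 and an error body containing
    the code NoSuchBucket. A bucket that exists answers 200 (listing), 403
    (AccessDenied) or 404 with NoSuchKey for a missing object, none of which
    means the name is free to register.
    """
    if status == 404 and b"NoSuchBucket" in body:
        return "unclaimed"
    if status in (200, 403) or (status == 404 and b"NoSuchKey" in body):
        return "exists"
    return "unknown"


def check_bucket_live(bucket, timeout=10):
    """Network probe: fetch the bucket root and classify the response."""
    url = f"https://storage.googleapis.com/{bucket}/"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify_bucket_response(resp.status, resp.read())
    except urllib.error.HTTPError as e:
        return classify_bucket_response(e.code, e.read())


def audit_docs(text, probe=check_bucket_live):
    """Map every bucket referenced in the docs to its classification.

    `probe` defaults to the live check; pass a callable for offline use.
    """
    return {bucket: probe(bucket) for bucket in find_gcs_buckets(text)}


def verify_sha256(data, expected_hex):
    """True only if the downloaded bytes match the checksum pinned in the docs."""
    return hashlib.sha256(data).hexdigest() == expected_hex.lower()


# Constructed sample README; the bucket names are placeholders, not real buckets.
SAMPLE_README = """\
## Install helm
curl -s https://storage.googleapis.com/example-helm-bucket/helm-linux-amd64.tar.gz | tar xz
See also https://other-bucket.storage.googleapis.com/notes.txt
"""

# Constructed responses, shaped like the GCS XML API error bodies.
_FAKE_RESPONSES = {
    "example-helm-bucket": (404, b"<Error><Code>NoSuchBucket</Code></Error>"),
    "other-bucket": (403, b"<Error><Code>AccessDenied</Code></Error>"),
}


def offline_probe(bucket):
    status, body = _FAKE_RESPONSES.get(bucket, (0, b""))
    return classify_bucket_response(status, body)


if __name__ == "__main__":
    for bucket, state in audit_docs(SAMPLE_README, probe=offline_probe).items():
        flag = "  <-- dangling reference, anyone can register this name" if state == "unclaimed" else ""
        print(f"{bucket}: {state}{flag}")
```

Run it as-is to audit the constructed README offline; call `audit_docs(open("README.md").read())` to probe the real buckets a document references. Any bucket reported as "unclaimed" should be registered by the project or removed from the docs, and download instructions should pin a checksum that the installer checks with `verify_sha256` before the binary is executed.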

We are processing your report and will contact the wardviaene/kubernetes-course team within 24 hours. a year ago
We created a GitHub Issue asking the maintainers to create a 10 months ago
Edward Viaene validated this vulnerability 10 months ago
Arshad Kazmi has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Edward Viaene marked this as fixed in master with commit 627b9b 10 months ago
The fix bounty has been dropped
This vulnerability will not receive a CVE has been validated
Arshad Kazmi
10 months ago



I have verified the fix. The link has been updated.
