Google Storage Bucket Takeover via a bucket referenced by the GitHub repository "github.com/wardviaene/kubernetes-course" (wardviaene/kubernetes-course)
May 8th 2022
wardviaene has an open-source project, kubernetes-course. In the project there is a README file which contains installation instructions for Helm. Those instructions suggest downloading the Helm binary from a Google Cloud Storage bucket which was not registered on GCP, so I was able to take over the bucket for a PoC.
Proof of Concept
curl -s https://storage.googleapis.com/kubernetes-helm/takeover.html | base64 --decode
An attacker can take over the bucket and host malicious Helm binaries on it; anyone who follows the project's instructions will then download the malicious binary, which could lead to RCE on the host machine.
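As an added example (not part of the original report or of the kubernetes-course project), the following Python audit finds Google Cloud Storage bucket references in installation docs and flags names that no longer resolve, which is exactly the dangling-reference condition this report abuses. The README text and the HTTP responses below are constructed; the fetch function is injectable so the audit runs offline, and the check assumes the GCS XML API's 404 "NoSuchBucket" error body for a name nobody owns.

```python
import re
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

# GCS bucket naming rules: 3-63 chars of lowercase letters, digits, '-', '_' and '.'
_NAME = r"([a-z0-9][a-z0-9._-]{1,61}[a-z0-9])"
_PATTERNS = [
    re.compile(r"https?://storage\.googleapis\.com/" + _NAME),          # path style
    re.compile(r"https?://" + _NAME + r"\.storage\.googleapis\.com"),   # virtual-hosted style
    re.compile(r"gs://" + _NAME),                                       # gsutil URI
]

def extract_gcs_buckets(text):
    """Return the sorted set of bucket names referenced anywhere in text."""
    found = set()
    for pat in _PATTERNS:
        found.update(pat.findall(text))
    return sorted(found)

def fetch_bucket_status(bucket, timeout=10):
    """Unauthenticated GET of the bucket root via the GCS XML API; returns (status, body)."""
    url = "https://storage.googleapis.com/%s/" % bucket
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def classify_bucket_response(status, body):
    """'unregistered' = the name is free for anyone to claim (dangling reference)."""
    if status == 404:
        try:
            code = ET.fromstring(body).findtext("Code")
        except ET.ParseError:
            code = None
        return "unregistered" if code == "NoSuchBucket" else "unknown"
    if status in (200, 403):  # public listing or access denied: someone owns the bucket
        return "registered"
    return "unknown"

def audit_text(text, fetch=fetch_bucket_status):
    """Map every referenced bucket to its classification; fetch is injectable for offline use."""
    return {b: classify_bucket_response(*fetch(b)) for b in extract_gcs_buckets(text)}

# Constructed sample README and constructed responses (assumed GCS XML API shapes).
SAMPLE_README = """## Install helm
curl -O https://storage.googleapis.com/kubernetes-helm/helm-v2.8.2-linux-amd64.tar.gz
gsutil cp gs://example-charts/index.yaml .
"""
_FAKE = {
    "kubernetes-helm": (404, b"<?xml version='1.0' encoding='UTF-8'?><Error><Code>NoSuchBucket"
                             b"</Code><Message>The specified bucket does not exist.</Message></Error>"),
    "example-charts": (403, b"<Error><Code>AccessDenied</Code></Error>"),
}

def demo():
    return audit_text(SAMPLE_README, lambda b: _FAKE[b])  # -> kubernetes-helm flagged as unregistered
```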