CVE-2024-12236
📋 TL;DR
This vulnerability in Vertex Gemini API allowed data exfiltration when VPC Service Controls (VPC-SC) was enabled. Attackers could bypass VPC-SC security restrictions by using specially crafted file URIs for image inputs, routing requests outside the intended security perimeter. Only Google Cloud Platform customers using Vertex Gemini API with VPC-SC enabled were affected.
💻 Affected Systems
- Google Cloud Vertex Gemini API
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Sensitive data stored within VPC-SC perimeter could be exfiltrated to external systems controlled by attackers, potentially exposing confidential information.
Likely Case
Limited data exposure through crafted image file URIs that bypass VPC-SC restrictions, though exploitation requires specific knowledge of the vulnerability.
If Mitigated
With VPC-SC properly configured and the Google fix applied, all attempts to use external file URIs return error messages, preventing data exfiltration.
🎯 Exploit Status
Exploitation requires knowledge of the vulnerability and ability to craft specific file URIs, but no authentication bypass is needed beyond normal API access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Backend fix implemented by Google Cloud Platform
Vendor Advisory: https://cloud.google.com/vertex-ai/generative-ai/docs/security-bulletins#gcp-2024-063
Restart Required: No
Instructions:
No action required. Google Cloud Platform has implemented a backend fix that automatically returns error messages when media file URLs are specified in fileUri parameter with VPC-SC enabled.
🔧 Temporary Workarounds
Disable external file URIs
allConfigure Vertex Gemini API to only accept image inputs from within VPC-SC perimeter or through approved storage locations.
🧯 If You Can't Patch
- Monitor API logs for attempts to use external file URIs with VPC-SC enabled
- Implement additional network controls to restrict outbound connections from Vertex Gemini API services
🔍 How to Verify
Check if Vulnerable:
Test if Vertex Gemini API with VPC-SC enabled accepts external file URIs in fileUri parameter for image inputs. If it processes them without error, the system may be vulnerable.Check Version:
Not applicable - fix is implemented at Google Cloud Platform backend levelVerify Fix Applied:
Attempt to use an external file URI in fileUri parameter with VPC-SC enabled. The system should return an error message instead of processing the request.📡 Detection & Monitoring
Log Indicators:
- API requests with external URLs in fileUri parameter
- Error messages related to VPC-SC violations for file URI processing
Network Indicators:
- Unexpected outbound connections from Vertex Gemini API services to external domains
SIEM Query:
source="vertex-gemini-api" AND (uri="*http://*" OR uri="*https://*") AND parameter="fileUri"