Skip to content
Nuclei Templates

Secure CORS Configuration for Cloud Storage Buckets

ID: gcloud-secure-cors-configuration

Severity: medium

Author: princechaddha

Tags: cloud,devops,gcp,gcloud,google-cloud-storage,cors,security,gcp-cloud-config

Description

Section titled “Description”

Ensure that Cross-Origin Resource Sharing (CORS) configuration set for your Google Cloud Storage buckets only allows trusted origins to prevent unauthorized data access from web applications. The trusted, authorized origins must be configured according to your organization’s policy.

YAML Source

Section titled “YAML Source”
id: gcloud-secure-cors-configuration


info:
  name: Secure CORS Configuration for Cloud Storage Buckets
  author: princechaddha
  severity: medium
  description: |
    Ensure that Cross-Origin Resource Sharing (CORS) configuration set for your Google Cloud Storage buckets only allows trusted origins to prevent unauthorized data access from web applications. The trusted, authorized origins must be configured according to your organization's policy.
  impact: |
    Improper CORS configuration can allow unauthorized web applications to access sensitive data stored in your Cloud Storage buckets.
  remediation: |
    Update the CORS configuration for your Cloud Storage buckets to only allow trusted origins defined by your organization’s policy.
  reference:
    - https://cloud.google.com/storage/docs/configuring-cors
  tags: cloud,devops,gcp,gcloud,google-cloud-storage,cors,security,gcp-cloud-config


flow: |
  code(1)
  for(let projectId of iterate(template.projectIds)){
    set("projectId", projectId)
    code(2)
    for(let bucketName of iterate(template.buckets)){
      set("bucketName", bucketName)
      code(3)
    }
  }


self-contained: true


code:
  - engine:
      - sh
      - bash
    source: |
      gcloud projects list --format="json(projectId)"


    extractors:
      - type: json
        name: projectIds
        internal: true
        json:
          - '.[].projectId'


  - engine:
      - sh
      - bash
    source: |
      gcloud storage buckets list --project $projectId --format="json(name)"


    extractors:
      - type: json
        name: buckets
        internal: true
        json:
          - '.[].name'


  - engine:
      - sh
      - bash
    source: |
      gcloud storage buckets describe gs://$bucketName --format="json(cors_config[].origin)" | jq -r '.[]? // "null"'


    matchers:
      - type: word
        words:
          - 'null'


    extractors:
      - type: dsl
        dsl:
          - '"The CORS configuration for the bucket " + bucketName + " in project " + projectId + " is either not set or includes unauthorized origins."'
# digest: 490a00463044022050e65bff1ef6759a0b3755b753e29f72a4574d974eee26a043ac0136ba47bc2402204210b2bbdca4898db2eb053ba84de7f4c084d0ffbc04f8d1b2c85f98afc5408d:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "cloud/gcp/storage/gcloud-secure-cors-configuration.yaml"

View on Github