Description

A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further fix actions are needed. Google Cloud Platform implemented a fix to return an error message when a media file URL is specified in the fileUri parameter and VPC Service Controls is enabled. Other use cases are unaffected.

INFO

Published Date :

2024-12-10T15:07:40.230Z

Last Modified :

2025-01-30T09:03:11.836Z

Source :

Google
AFFECTED PRODUCTS

The following products are affected by CVE-2024-12236 vulnerability.

Vendors Products
Google
  • Vertex Gemini Api
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-12236.

URL Resource
https://cloud.google.com/vertex-ai/generative-ai/docs/security-bulletins#gcp-2024-063 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact