漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Privilege Escalation in Dialogflow CX via Webhook Admin Role
Vulnerability Description
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level to project-level, granting them unauthorized access to manage resources in services associated with the project, leading to unexpected costs and resource depletion for the producer project. A fix was applied on the server side to protect from this vulnerability in February 2025. No customer action is required.
CVSS Information
N/A
Vulnerability Type
特权管理不恰当
Vulnerability Title
Google Cloud Dialogflow CX 安全漏洞
Vulnerability Description
Google Cloud Dialogflow CX是美国谷歌(Google)公司的一个虚拟代理构建平台。 Google Cloud Dialogflow CX存在安全漏洞,该漏洞源于Webhook编辑器权限配置不当,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A