漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft.
Vulnerability Description
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting). This vulnerability was patched and no customer action is needed.
CVSS Information
N/A
Vulnerability Type
可预测问题
Vulnerability Title
Google Cloud Vertex AI 安全漏洞
Vulnerability Description
Google Cloud Vertex AI是美国谷歌(Google)公司的一个全栈式人工智能平台。 Google Cloud Vertex AI 1.133.0之前版本存在安全漏洞,该漏洞源于Vertex AI Experiments中存在可预测的存储桶命名,允许未经身份验证的远程攻击者通过预先创建可预测命名的Cloud Storage存储桶实现跨租户远程代码执行、模型窃取和投毒。
CVSS Information
N/A
Vulnerability Type
N/A