Google Cloud Dialogflow CX Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in Google Cloud's Dialogflow CX. This issue allows Dialogflow agent developers with Webhook editor permission to escalate their privileges from agent-level to project-level. The vulnerability arises because these developers can configure Webhooks using Dialogflow service agent access token authentication. Exploiting this vulnerability grants unauthorized access to manage resources in services associated with the project, potentially leading to unexpected costs and resource depletion for the producer project.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, granting agent developers project-level access and the ability to manage resources across associated services, which could result in unanticipated costs and resource depletion for the project.

Remediation

A fix for this vulnerability was applied on the server side in February 2025. No customer action is required.

Added: Dec 10, 2025, 8:17 AM
Updated: Dec 10, 2025, 8:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 5.2
remediation: 0.0
relevance: 1.3
threat: 0.0
urgency: 0.0
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.