A vulnerability classified as problematic has been found in Google Cloud Projects. Affected is the function projects.serviceAccounts.list of the component IAM API. The manipulation of the argument pageToken leads to information disclosure.

The attack needs to be initiated within the local network. Furthermore, there is an exploit available.

This product is a managed service. This means that users are not able to maintain vulnerability countermeasures themselves.