Google Denies Bounty for a Critical GCP Bug It Still Hasn't Fixed
Researcher Justin O'Leary found a critical Google Cloud IAM bypass in Config Connector; Google first praised it, then denied the bounty and left it unfixed.
Cloud security researcher Justin O'Leary disclosed a critical flaw he named ConfigConfusion in Google Cloud's Kubernetes-based Config Connector operator. The bug lets any namespace user bypass GCP's Identity and Access Management controls and escalate to full Organization Owner privileges. Google initially accepted the report as P1/S1 priority with a 'Nice catch!' response, only to reverse course eleven days later, claiming the issue doesn't qualify for a reward because the software is 'working as intended.'
According to O'Leary, the root cause is a missing authorization check: Config Connector executes privileged operations on a user's behalf without verifying their identity, creating a textbook confused-deputy vulnerability. With just a few lines of YAML, an attacker with no GCP permissions can gain full administrative control over an entire organization's projects, secrets, billing and Gmail accounts within seconds — leaving no audit trail since the attacker's Kubernetes identity never touches GCP IAM directly.
Google argues the exploit only applies to attackers who already control a privileged service account granted Organization Admin rights, but O'Leary counters that such permissions are standard practice and shouldn't enable this level of abuse. Three months on, the bug remains marked 'in progress (accepted)' with no CVE and no fix. A similar pattern played out with Microsoft, which rejected and then silently patched an AKS privilege-escalation bug O'Leary reported — highlighting a recurring transparency problem in how major cloud vendors handle bug bounty disclosures.