| शीर्षक | CITYDATA CityChat(ai.citydata.citychat) 0.12.6 Google Cloud Service Account Key Exposure |
|---|
| विवरण | The Android application ai.citydata.citychat version 0.12.6 embeds a full Google Cloud service account key file in its assets at resources/assets/flutter_assets/assets/credentials.json. An attacker can extract this file via reverse engineering and use it to authenticate to Google Cloud Platform. With the stolen credentials, the attacker gains unauthorized read‑only access to Dialogflow APIs, allowing them to retrieve agent details and list all intents. This exposes the conversational logic of the chatbot, leading to information disclosure and potential misuse of the extracted knowledge. |
|---|
| स्रोत | ⚠️ https://www.notion.so/Google-Cloud-Service-Account-Key-Exposure-Leading-to-Dialogflow-Data-Access-in-ai-citydata-citychat-3192de3f97fb80ca9739ebc6329c8449?source=copy_link |
|---|
| उपयोगकर्ता | fxizenta (UID 28116) |
|---|
| सबमिशन | 04/03/2026 04:16 PM (3 महीनों पहले) |
|---|
| संयम | 16/03/2026 07:10 AM (12 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 351209 [CityData CityChat तक 0.12.6 पर Android ai.citydata.citychat credentials.json अधिकार वृद्धि] |
|---|
| अंक | 17 |
|---|