A security researcher has discovered bugs in Google's platform that deals with bugs and unpatched vulnerabilities, leading him to gain access to the company's sensitive internal systems. According to a report in Motherboard in Wednesday, Alex Birsan found vulnerabilities inside the Google Issue Tracker - used internally to track bugs and feature requests during product development.
The largest one of these was one that allowed the researcher to access the internal platform at all. The company has quickly patched the bugs found by Birsan and there's no evidence anyone else found the bugs and exploited them, the report added.
Birsan found three bugs in the platform. "Exploiting this bug gives you access to every vulnerability report anyone sends to Google until they catch on to the fact that you're spying on them," Birsan told Motherboard.
"They are all patched now and he received rewards of $3,133.7, $5,000, and $7,500 for reporting them to Google," the report said.
Issue Tracker is available outside of Google for use by external public and partner users who need to collaborate with Google teams on specific projects. The platform has access control permissions that govern which users can find, view, create and modify issues for each project.
"We appreciate Alex's report. We've patched the vulnerabilities that he reported, as well as their variants," a Google spokesperson was quoted as saying.