Google’s bug-tracking system contained its own vulnerabilities, researcher discovers

A researcher has uncovered security holes in Google’s bug-tracking database that could have potentially resulted in malicious hackers accessing sensitive information, including details of ways to exploit unpatched vulnerabilities in Google products. Researcher Alex Birsan has described how he managed to trick Google Issue Tracker (known internally to Google staff as Buganizer) into granting him access to much more information than would normally be allowed to external parties.

Read full news article on Graham Cluley