Researcher Alex Birsan (Alex Birsan) has discovered a number of security problems in the corporate Google Issue Tracker platform, where all the data about uncorrected vulnerabilities in Google products. The most serious of them allowed to access the platform and to steal the list of unsecured vulnerabilities. Birsan told Google about his discovery, and the company quickly released an update for the platform. Any evidence of exploitation by the attackers of the vulnerabilities discovered by the researcher is currently missing.

In total, Birsan discovered three vulnerabilities. As mentioned above, the worst of them allowed to access Google Issue Tracker and see every Google received from researchers a report on vulnerabilities in their products.

Typically, access to the platform, which the company also refers to as the Buganizer System, is available only to Google employees. Third-party researchers are only given access to certain sections, for example, to their vulnerability reports. However, Birsan managed to bypass the restrictions and subscribe to any section of the platform and see details about each vulnerability in the database.

According to Birsan, Google made it possible for outside researchers to unsubscribe from the electronic mailing list. The person unsubscribed, and as a last message, he received details about his vulnerability report. However, the mechanism had a serious drawback - it did not check whether the user originally had access to the partition from which it was subscribed. Thus, anyone could "unsubscribe" from a section that they had never signed to, and receive data on vulnerabilities.