Researcher finds SSRF bug in internal Google Cloud project, nabs $10,000 bug bounty
Now fixed, the bug, which researcher avid Schütz has documented in a comprehensive video and blog post, could have allowed an attacker to access sensitive resources and possibly run malicious code.