Google Cloud · Dialogflow CX · CVE-2025-12952
**Name of the Vulnerable Software and Affected Versions**
Google Cloud Dialogflow CX (affected versions not specified)
**Description**
A privilege escalation issue exists in Google Cloud's Dialogflow CX. Developers with Webhook editor permission can configure Webhooks using Dialogflow service agent access token authentication. This allows an attacker to escalate privileges from agent-level to project-level, gaining unauthorized access to manage project resources, potentially leading to unexpected costs and resource depletion. The issue involves the use of Dialogflow service agent access tokens for Webhook authentication.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
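
An added audit example, not part of the original advisory or Google's code: it scans a webhook listing for webhooks set to authenticate with a Dialogflow service agent access token, the configuration the description refers to. It assumes the listing follows the Dialogflow CX v3 REST `Webhook` resource (`genericWebService.serviceAgentAuth` with value `ACCESS_TOKEN`); the sample data, project name and URIs are constructed.

```python
# Constructed sample, shaped like a Dialogflow CX v3 webhooks.list response.
AGENT = "projects/example-project/locations/global/agents/agent-1"
SAMPLE_RESPONSE = {
    "webhooks": [
        {"name": AGENT + "/webhooks/w1", "displayName": "orders",
         "genericWebService": {"uri": "https://hooks.example.com/orders",
                               "serviceAgentAuth": "ACCESS_TOKEN"}},
        {"name": AGENT + "/webhooks/w2", "displayName": "billing",
         "genericWebService": {"uri": "https://hooks.example.com/billing",
                               "serviceAgentAuth": "ID_TOKEN"}},
        # Service Directory webhooks nest the same block one level down.
        {"name": AGENT + "/webhooks/w3", "displayName": "internal",
         "serviceDirectory": {
             "service": "projects/example-project/locations/us-central1/"
                        "namespaces/ns/services/svc",
             "genericWebService": {"uri": "https://internal.example.com/hook",
                                   "serviceAgentAuth": "ACCESS_TOKEN"}}},
        # Field absent: no service agent token is attached.
        {"name": AGENT + "/webhooks/w4", "displayName": "legacy",
         "genericWebService": {"uri": "https://hooks.example.com/legacy"}},
    ]
}

RISKY_AUTH = "ACCESS_TOKEN"  # service agent access token authentication


def web_service(webhook):
    """Return the genericWebService block, top-level or under serviceDirectory."""
    direct = webhook.get("genericWebService")
    if direct is not None:
        return direct
    return webhook.get("serviceDirectory", {}).get("genericWebService", {})


def find_access_token_webhooks(response):
    """List webhooks whose requests carry a service agent access token."""
    findings = []
    for webhook in response.get("webhooks", []):
        svc = web_service(webhook)
        if svc.get("serviceAgentAuth") == RISKY_AUTH:
            findings.append({"name": webhook.get("name", ""),
                             "displayName": webhook.get("displayName", ""),
                             "uri": svc.get("uri", "")})
    return findings


if __name__ == "__main__":
    for finding in find_access_token_webhooks(SAMPLE_RESPONSE):
        print(f"REVIEW {finding['displayName']}: {finding['name']} -> {finding['uri']}")
```

Each finding is a webhook to review: confirm the destination URI is expected and check who holds Webhook editor permission on that agent.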