Severe Flaw in Google Cloud’s Cloud SQL Service Exposed Confidential Data



May 26, 2023 | Ravie Lakshmanan | Data Safety / Cloud Security


A new security flaw has been disclosed in the Google Cloud Platform’s (GCP) Cloud SQL service that could potentially be exploited to obtain access to confidential data.

“The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition to customer data,” Israeli cloud security firm Dig said.

Cloud SQL is a fully-managed solution to build MySQL, PostgreSQL, and SQL Server databases for cloud-based applications.

The multi-stage attack chain identified by Dig, in a nutshell, leveraged a gap in the cloud platform’s security layer associated with SQL Server to escalate the privileges of a user to that of an administrator role.

The elevated permissions subsequently made it possible to abuse another critical misconfiguration to obtain system administrator rights and take full control of the database server.


From there, a threat actor could access all files hosted on the underlying operating system, enumerate files, and extract passwords, which could then act as a launchpad for further attacks.

“Gaining access to internal data like secrets, URLs, and passwords can lead to exposure of cloud providers’ data and customers’ sensitive data which is a major security incident,” Dig researchers Ofir Balassiano and Ofir Shaty said.


Following responsible disclosure in February 2023, the issue was addressed by Google in April 2023.

The disclosure comes as Google announced the availability of its Automatic Certificate Management Environment (ACME) API for all Google Cloud users to automatically acquire and renew TLS certificates for free.
