Severe Flaw in Google Cloud’s Cloud SQL Service Exposed Confidential Data

May 26, 2023 | Ravi Lakshmanan | Data Safety / Cloud Security

A new security flaw has been revealed in Google Cloud Platform’s (GCP) Cloud SQL service that can be exploited to gain access to sensitive data.

“This vulnerability elevates a malicious attacker from a basic Cloud SQL user to a full-fledged system administrator on containers, allowing them to access GCP internal data such as sensitive information, sensitive files, and passwords in addition to customer data. We may be able to access it,” Israeli cloud security firm Dig said.

Cloud SQL is a fully managed solution for building MySQL, PostgreSQL, and SQL Server databases for cloud-based applications.

The multi-stage attack chain identified by Dig, in a nutshell, exploited a gap in the cloud platform’s security layer associated with SQL Server to elevate user privileges to administrator role privileges.

That privilege escalation then allowed the attacker to exploit another serious misconfiguration to gain system administrator privileges and take complete control of the database server.

From there, the threat actor could access all files hosted on the underlying operating system, enumerate files, and extract passwords, which could serve as a launch pad for further attacks.

Dig researchers Ofir Balassiano and Ofir Shaty said, “Access to internal data such as sensitive information, URLs, and passwords can lead to the exposure of cloud provider data and sensitive customer data, which is critical. It would be a serious security incident.”

Following a responsible disclosure in February 2023, this issue was addressed by Google in April 2023.

This disclosure follows Google’s announcement of the availability of the Automated Certificate Management Environment (ACME) API, which allows all Google Cloud users to automatically obtain and renew TLS certificates for free.
