
Google Cloud patches vulnerability in CloudSQL service

submitted by
Style Pass
2023-05-26 15:00:03

A vulnerability in the CloudSQL service of the Google Cloud Platform (GCP) could have let a bad actor escalate from a basic CloudSQL user to a full-fledged sysadmin on a container and gain access to internal GCP data, such as secrets, sensitive files, passwords and customer data.

In a May 24 blog post, Dig Security said that upon discovering the vulnerabilities its research team followed coordinated disclosure practices with Google, and that all issues were resolved quickly. The issue was not assigned a CVE; as in the vast majority of cases involving cloud services, it is up to the cloud provider to fix the flaw, and there is little that rank-and-file security teams can do beyond confirming that the provider has done so.

The Dig Security researchers said they identified the vulnerability through a gap in GCP's security layer. The gap let them escalate their initial privilege and add their user to the DbRootRole role, a GCP admin role. A second critical misconfiguration in the role-permission architecture let them escalate further, eventually granting their user the sysadmin role. With that membership they bypassed the remaining barrier and gained full control of the SQL Server instance.
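The article names the two roles involved in the escalation, DbRootRole and sysadmin, but not the commands the researchers ran, so the practical takeaway for an operator is to know who holds those roles on their own instances. The following T-SQL is an added example, not code from the article or from Dig Security's write-up. It lists every principal that is a member of either role, at both server scope and current-database scope, because the page does not say at which scope DbRootRole is defined. The role names are the ones the article gives; the query assumes only the standard SQL Server catalog views and a login permitted to read them.

```sql
-- Added example (not from the article or Dig Security's write-up):
-- enumerate members of the roles named in the escalation path so that an
-- unexpected member of sysadmin or DbRootRole stands out in a review.
-- Assumption: DbRootRole is the role name exactly as the article gives it;
-- both server and database scope are checked because the page does not say
-- which one applies.
;WITH watched_roles AS (
    SELECT name
    FROM (VALUES (N'sysadmin'), (N'DbRootRole')) AS v(name)
)
-- Server-level role membership (sysadmin lives here on every instance).
SELECT
    N'server'           AS scope,
    r.name              AS role_name,
    m.name              AS member_name,
    m.type_desc         AS member_type,
    m.modify_date       AS member_modified
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (SELECT name FROM watched_roles)

UNION ALL

-- Database-level role membership in the current database, in case the
-- role is defined there rather than at server scope.
SELECT
    DB_NAME()           AS scope,
    r.name              AS role_name,
    m.name              AS member_name,
    m.type_desc         AS member_type,
    m.modify_date       AS member_modified
FROM sys.database_role_members AS rm
JOIN sys.database_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (SELECT name FROM watched_roles)

ORDER BY scope, role_name, member_modified DESC;
```

Run it against each database on the instance (the second half of the UNION only sees the current database), and compare the result to the set of logins you expect to hold those roles. A member with a recent `member_modified` timestamp that nobody on the team added is the kind of change the escalation described above would leave behind; on a managed service the host-level follow-on steps are Google's to close, but role membership on your own instance remains your responsibility to watch.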

Once they had complete control of the database engine, Dig Security's researchers gained access to the operating system hosting the database. At that point they could list files and sensitive paths in the host OS, read sensitive files and passwords, and extract secrets from the machine.
