Dig Security Uncovers Vulnerability in GCP CloudSQL Service Exposing Provider and Customer Data, Remediates Issues
Dig, the cloud data security leader,released new threat research highlighting the discovery of a critical vulnerability in the Google Cloud Platform (GCP) CloudSQL service. The vulnerability could have enabled a malicious actor to escalate from a basic CloudSQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition to customer data.
Latest Insights: Why Only AI and Data Analytics Can Stop Financial Criminals
Dig’s research team identified the vulnerability through a gap in GCP’s security layer. This vulnerability enabled them to escalate initial privilege and add a user to the DbRootRole role, a GCP admin role. Another critical misconfiguration in the roles permissions architecture enabled Dig’s researchers to further escalate their privilege, eventually granting their user the sysadmin role. They bypassed the barrier and got full control on the SQL Server.
Assuming complete control on the database engine, Dig’s researchers gained access to the operating system hosting the database. At this point they could access sensitive files in the host OS, list files and sensitive paths, read passwords and extract secrets from the machine. The host also gained access to the underlying.
While the Dig research team got access to the operating system, they managed to find some of Google’s internal URLs related to the docker image repository. They were able to access the internal repo (which has since been fixed, and access is blocked from non internal IPs).
AiThority: The 3 Building Blocks to Make AI Accessible
Upon discovering the vulnerabilities, Dig’s research team followed coordinated disclosure practices with Google, and all issues were remediated swiftly.
“Cloud data assets are the main target of today’s cyberattacks,” said Dan Benjamin, Co-Founder and CEO, Dig Security. “Data is the lifeblood of the modern enterprise, and GCP is one of the top public cloud providers. We chose to focus this threat research on CloudSQL because of its potential impact on customer data. We were proud to work closely with the Google team to patch the new security vulnerability swiftly and effectively.”
Read More: How ChatGPT Will Transform Customer Service
[To share your insights with us, please write to sghosh@martechseries.com]
Comments are closed.