A new security flaw has been disclosed in the Google Cloud Platform’s (GCP) Cloud SQL provider that could be potentially exploited to receive obtain to confidential knowledge.
“The vulnerability could have enabled a destructive actor to escalate from a essential Cloud SQL consumer to a whole-fledged sysadmin on a container, getting entry to internal GCP info like secrets and techniques, delicate data files, passwords, in addition to client data,” Israeli cloud security organization Dig claimed.
Cloud SQL is a thoroughly-managed remedy to establish MySQL, PostgreSQL, and SQL Server databases for cloud-centered purposes.
The multi-stage attack chain discovered by Dig, in a nutshell, leveraged a gap in the cloud platform’s security layer involved with SQL Server to escalate the privileges of a consumer to that of an administrator purpose.
The elevated permissions subsequently manufactured it feasible to abuse one more critical misconfiguration to get system administrator legal rights and acquire entire regulate of the databases server.
From there, a threat actor could entry all data files hosted on the underlying working procedure, enumerate files, and extract passwords, which could then act as a launchpad for further more assaults.
“Gaining entry to inner data like tricks, URLs, and passwords can guide to exposure of cloud providers’ data and customers’ delicate information which is a major security incident,” Dig scientists Ofir Balassiano and Ofir Shaty said.
Impending WEBINARZero Have confidence in + Deception: Master How to Outsmart Attackers!
Find how Deception can detect state-of-the-art threats, stop lateral movement, and boost your Zero Rely on method. Sign up for our insightful webinar!
Preserve My Seat!
Following liable disclosure in February 2023, the issue was dealt with by Google in April 2023.
The disclosure comes as Google announced the availability of its Computerized Certification Administration Ecosystem (ACME) API for all Google Cloud end users to quickly receive and renew TLS certificates for totally free.
Found this write-up intriguing? Abide by us on Twitter and LinkedIn to go through additional exclusive information we put up.
Some parts of this article are sourced from:
thehackernews.com