
Uncovering the Hidden Dangers of Google Cloud SQL Service
The Google Cloud Platform’s (GCP) Cloud SQL service has a recently discovered security weakness that could be used to access private data.
The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition to customer data.
Israeli cloud security firm Dig
Cloud SQL is a fully-managed solution to build MySQL, PostgreSQL, and SQL Server databases for cloud-based applications.
In short, the multi-stage attack chain discovered by Dig exploited a gap in the cloud platform's security layer associated with SQL Server to escalate a user's privileges to those of an administrator role.
The elevated permissions then made it possible to abuse another critical misconfiguration to obtain system administrator rights and take full control of the database server.
A threat actor could then list and access all files hosted on the underlying operating system and extract passwords, using the server as a springboard for further attacks.
Gaining access to internal data like secrets, URLs, and passwords can lead to exposure of cloud providers’ data and customers’ sensitive data, which is a major security incident.
Dig researchers Ofir Balassiano and Ofir Shaty
Following responsible disclosure in February 2023, Google resolved the problem in April 2023.
Google revealed the information at the same time that it made its Automatic Certificate Management Environment (ACME) API available to all Google Cloud users so they may automatically obtain and renew TLS certificates at no cost.