CIO Influence
CIO Influence News Security

Dig Security Uncovers Vulnerability in GCP CloudSQL Service Exposing Provider and Customer Data, Remediates Issues

Dig Security Uncovers Vulnerability in GCP CloudSQL Service Exposing Provider and Customer Data, Remediates Issues

Security flaw could have enabled bad actors to access sensitive data, including secrets, URLs and passwords

Dig, the cloud data security leader, released new threat research highlighting the discovery of a critical vulnerability in the Google Cloud Platform (GCP) CloudSQL service. The vulnerability could have enabled a malicious actor to escalate from a basic CloudSQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition to customer data.

Dig’s research team identified the vulnerability through a gap in GCP’s security layer. This vulnerability enabled them to escalate initial privilege and add a user to the DbRootRole role, a GCP admin role. Another critical misconfiguration in the roles permissions architecture enabled Dig’s researchers to further escalate their privilege, eventually granting their user the sysadmin role. They bypassed the barrier and got full control on the SQL Server.

CIO INFLUENCE News: DataStax and ThirdAI Partner to Accelerate AI Adoption – in the Cloud or Datacenter – at Dramatically Lower Cost

Assuming complete control on the database engine, Dig’s researchers gained access to the operating system hosting the database. At this point they could access sensitive files in the host OS, list files and sensitive paths, read passwords and extract secrets from the machine. The host also gained access to the underlying https://cloud.google.com/iam/docs/service-agents, which could be further escalated to other environments.

While the Dig research team got access to the operating system, they managed to find some of Google’s internal URLs related to the docker image repository. They were able to access the internal repo (which has since been fixed, and access is blocked from non internal IPs).

CIO INFLUENCE News: SADA Partners with Google Cloud to Build and Deploy New, Generative-AI Powered Features

Upon discovering the vulnerabilities, Dig’s research team followed coordinated disclosure practices with Google, and all issues were remediated swiftly.

“Cloud data assets are the main target of today’s cyberattacks,” said Dan Benjamin, Co-Founder and CEO, Dig Security. “Data is the lifeblood of the modern enterprise, and GCP is one of the top public cloud providers. We chose to focus this threat research on CloudSQL because of its potential impact on customer data. We were proud to work closely with the Google team to patch the new security vulnerability swiftly and effectively.”

Dig helps organizations discover, classify, protect, and govern their cloud data without giving up cloud agility and speed. It is easy-to-implement, cloud-scalable, and highly efficient for today’s security teams.

CIO INFLUENCE News: MATRIXX Software and Blue Planet to Offer Dynamic Monetization and Intelligent Automation at Scale

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Experian Selected as a Leading Provider of Fraud Detection and Prevention

Sony’s Ci Media Cloud Announces Integrations and Enhanced Functionality

PR Newswire

Panoply Gives Customers More Storage and Higher Performance with Move to Google Cloud BigQuery

CIO Influence News Desk