The vulnerability allowed a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container. According to the firm Dig, this allowed unauthorized access to internal GCP data, encompassing secrets, sensitive files, passwords, and customer data. firm Dig said.

Cloud SQL provides a turnkey method for developing cloud-based applications with MySQL, PostgreSQL, and SQL Server databases.

The user was able to gain access to the operating system running the database by taking full control of the database engine. At that point, they had the ability to view hidden files in the host operating system, retrieve passwords, view file paths, and extract other sensitive information.

Upon successfully exploiting another critical misconfiguration that granted elevated permissions, the attackers managed to seize full control over the database server.

It could serve as a springboard for further attacks if a threat actor gained access to the underlying operating system and could then access all files hosted on it, enumerate files, and extract passwords.

“Gaining access to internal data like secrets, URLs, and passwords can lead to exposure of cloud providers’ data and customers’ sensitive data, which is a major security incident,” Dig researchers Ofir Balassiano and Ofir Shaty said.

Google fixed the problem in April 2023 after receiving notification of the issue in February 2023.

Google recently announced that all Google Cloud users could use the ACME API to acquire and renew TLS certificates automatically and for no additional cost.