Major Vulnerability in Google’s Cloud SQL Service Exposes Sensitive Information

A newly discovered security hole in the Cloud SQL service on Google Cloud Platform (GCP) allows hackers to exploit and steal sensitive information.

The vulnerability allowed a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container. According to the firm Dig, this allowed unauthorized access to internal GCP data, encompassing secrets, sensitive files, passwords, and customer data. firm Dig said.

Cloud SQL provides a turnkey method for developing cloud-based applications with MySQL, PostgreSQL, and SQL Server databases.

The user was able to gain access to the operating system running the database by taking full control of the database engine. At that point, they had the ability to view hidden files in the host operating system, retrieve passwords, view file paths, and extract other sensitive information.

Upon successfully exploiting another critical misconfiguration that granted elevated permissions, the attackers managed to seize full control over the database server.

Cloud SQL

It could serve as a springboard for further attacks if a threat actor gained access to the underlying operating system and could then access all files hosted on it, enumerate files, and extract passwords.

“Gaining access to internal data like secrets, URLs, and passwords can lead to exposure of cloud providers’ data and customers’ sensitive data, which is a major security incident,” Dig researchers Ofir Balassiano and Ofir Shaty said.

Research Timelines

  • February 5th 2023 – GCP CloudSQL vulnerability discovered by Dig’s research team.
  • February 13th 2023 – Google’s vulnerability reward program identified activity and reached out to Dig’s research team.
  • During April 2023 -The team successfully addressed and resolved the vulnerability.
  • April 25 2023 – GCP’s VRP program rewarded us.

Google fixed the problem in April 2023 after receiving notification of the issue in February 2023.

Google recently announced that all Google Cloud users could use the ACME API to acquire and renew TLS certificates automatically and for no additional cost.

Share this article:

Leave a Reply

Your email address will not be published. Required fields are marked *