Google Cloud fixes major security issue

Google Cloud fixed Kubernetes flaw allowing hackers to gain full control, with updated GKE and ASM versions now secure

Tech Desk December 30, 2023
Google Cloud

Google Cloud recently fixed a security flaw in its Kubernetes clusters that could have let hackers with limited access gain full control.

The problem was with Fluent Bit, a logging tool, and Anthos Service Mesh, a service management platform. If a hacker got into the Fluent Bit container, they could use Anthos Service Mesh's high privileges to take over the entire cluster.

Google has now patched this issue and confirmed that the vulnerabilities weren't used maliciously. They also provided updated versions of Google Kubernetes Engine (GKE) and Anthos Service Mesh (ASM) that are safe from this vulnerability:

  • 1.25.16-gke.1020000
  • 1.26.10-gke.1235000
  • 1.27.7-gke.1293000
  • 1.28.4-gke.1083000
  • 1.17.8-asm.8
  • 1.18.6-asm.2
  • 1.19.5-asm.4

Unit 42, the cybersecurity team of Palo Alto Networks, initially discovered this issue. They warned that this flaw could lead to data theft, malicious software deployment, or disruptions in the cluster's operations. But, the attacker would first need to breach the Fluent Bit container.

Read More Baidu's ChatGPT-like Ernie Bot has more than 100 mln users

Fluent Bit in GKE processed logs and had access to tokens from Kubernetes service accounts, which could be exploited. A hacker could use these tokens to create a new pod with top-level admin rights, giving them complete control over the cluster.

Security expert Shaul Ben Hai pointed out that the CRAC (clusterrole-aggregation-controller) service account was particularly vulnerable, as it could grant extensive permissions, making the attack more severe. However, with Google's recent fixes, these concerns have been addressed.


Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ