Severe Flaw in Google Clouds Cloud SQL Service Exposed Confidential Data

26-May-23

The Google Cloud Platforms (GCP) Cloud SQL service has been found to have a fresh security vulnerability that might potentially be used to access private information. The flaw might have allowed a hostile actor to advance from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, and passwords in addition to client data, according to Israeli cloud security firm Dig.

MySQL, PostgreSQL, and SQL Server databases can be created using Cloud SQL, a fully-managed solution. As a result, it was easy to seize full control of the database server by abusing yet another crucial misconfiguration to obtain system administrator capabilities.

Read More…