Blog

Jan 25, 2024

Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters

Posted by in category: cybercrime/malcode

Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster.

The critical shortcoming has been codenamed Sys: All by cloud security firm Orca. As many as 250,000 active GKE clusters in the wild are estimated to be susceptible to the attack vector.

In a report shared with The Hacker News, security researcher Ofir Yakobi said it “stems from a likely widespread misconception that the system: authenticated group in Google Kubernetes Engine includes only verified and deterministic identities, whereas in fact, it includes any Google authenticated account (even outside the organization).”

Comments are closed.