medium

GKE Authorized Networks bypass via Cloud Functions

Published Tue, Jun 7th, 2022
Platforms

Summary

Executing Cloud Functions in any project and in any organization allows bypassing the GKE Authorized Networks (aka Kubernetes control plane firewalls) of a cluster in a different project or organization.

Affected Services

GKE

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Wed, Mar 9th, 2022
Exploitablity Period
ongoing
Known ITW Exploitation
-
Detection Methods
-
Discovered by
Peter Collins, null