medium

GKE Authorized Networks bypass via Cloud Functions

Published Tue, Jun 7th, 2022

Platforms

Summary

Executing Cloud Functions in any project and in any organization allows bypassing the GKE Authorized Networks (aka Kubernetes control plane firewalls) of a cluster in a different project or organization.

Affected Services

GKE

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://cloud.google.com/blog/products/identity-security/updates-coming-for-authorized-networks-and-cloud-runfunctions-on-gke https://twitter.com/itspeterc/status/1534205155914264576

Contributed by https://github.com/mer-b

Disclosure Date

Wed, Mar 9th, 2022

Exploitablity Period

ongoing

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Peter Collins

More vulnerabilities...

low

MWAA logs leak tokens and hostnames

Two API calls used by Amazon Managed Workflows for Apache Airflow (MWAA) to convert AWS IAM credentials into tokens that can be used to login to Airflow (CreateCliToken and CreateWebLoginToken) wer...

Ben Reser, Vibes

Tue, May 31st, 2022

medium

ELB Cache mechanism HTTP header smuggling

While testing rate-limiter protection, The researcher noticed that when forcing HTTP/1 requests and injecting a space after `X-Forwarded-For` he was able to override this specific header, letting ...

Andrea Brancaleoni, Brave

Tue, May 17th, 2022

critical

Synlapse

Azure Synapse Analytics and Azure Data Factory were vulnerable to cross-tenant access and code execution. This was made possible via a combination of (1) a shell injection RCE vulnerability in the ...

Tzah Pahima, Orca Security

Mon, May 9th, 2022

View all