critical

Dropping a Shell in Google Cloud SQL

Published Tue, Aug 18th, 2020

Platforms

Summary

Researchers discovered vulnerabilities in Google Cloud SQL that allowed gaining unauthorized shell access to MySQL instances. By chaining SQL injection, parameter injection in mysqldump, and network spoofing, they were able to escape a Docker container and gain full access to the host VM running Cloud SQL.

Affected Services

Cloud SQL

Remediation

None required. Google patched the vulnerabilities.

Tracked CVEs

No tracked CVEs

References

https://www.ezequiel.tech/2020/08/dropping-shell-in.html https://offensi.com/2020/08/18/how-to-contact-google-sre-dropping-a-shell-in-cloud-sql/

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Exploitability Period

Known ITW Exploitation

Detection Methods

Monitor for suspicious export operations and network activity on Cloud SQL instances. Review logs for anomalous mysqldump commands or container escapes.

Piercing Index Rating

Discovered by

Ezequiel Pereira and Wouter ter Maat

More vulnerabilities...

low

S3 Crypto SDK vulnerabilities

Sophie Schmieg, GoogleAug 10, 2020

low

CloudTrail S3 data events leak bucket Account ID

Using CloudTrail S3 data events, it was possible to determine the AWS account ID of any existing S3 bucket by calling any S3 API, getting denied, and looking at the value in the resource key in err...

Jonathan Rault, TrustOnCloudJul 27, 2020

low

XSS on EC2 web console

Display of EC2 tags had XSS

Johann RehbergerJul 1, 2020

View all