Cloud SQL vulnerabilities in Google's RDS offering
Published Mon, Oct 18th, 2021
Platforms
Summary
Multiple vulnerabilities were found in Google Cloud SQL, including config file injection leading to RCE, information disclosure in the Cloud SQL Auth Proxy, and a design issue in Postgres IAM authentication allowing access token theft. Other issues included GCR permission misconfigurations and potential for terminal escape sequence injection attacks via gcloud.
Affected Services
Cloud SQL, Cloud SQL Auth Proxy
Remediation
Upgrade Cloud SQL Auth Proxy clients to force TLSv1.3. Review and restrict permissions on GCR repositories. Consider disabling MySQL LOAD DATA LOCAL feature.
Tracked CVEs
No tracked CVEs
References
Contributed by https://github.com/korniko98
Entry Status
Stub (AI-Generated)
Disclosure Date
Thu, Jan 21st, 2021
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
Monitor for unexpected Cloud SQL instance access or configuration changes. Review Cloud SQL Auth Proxy logs for anomalous connection attempts.
Piercing Index Rating
-
Discovered by
Imre Rad
