Summary
Multiple vulnerabilities were found in Google Cloud SQL, including config file injection leading to RCE, information disclosure in the Cloud SQL Auth Proxy, and a design issue in Postgres IAM authentication allowing access token theft. Other issues included GCR permission misconfigurations and potential for terminal escape sequence injection attacks via gcloud.
Affected Services
Cloud SQL, Cloud SQL Auth Proxy
Remediation
Upgrade Cloud SQL Auth Proxy clients to force TLSv1.3. Review and restrict permissions on GCR repositories. Consider disabling MySQL LOAD DATA LOCAL feature.
Tracked CVEs
No tracked CVEs
References
https://irsl.medium.com/dropping-a-shell-in-googles-cloud-sql-the-speckle-umbrella-story-f9375bd4960dhttps://irsl.medium.com/the-speckle-umbrella-story-part-2-fcc0193614ea
Contributed by https://github.com/korniko98
Entry Status
Stub (AI-Generated)
Disclosure Date
Thu, Jan 21st, 2021
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
Monitor for unexpected Cloud SQL instance access or configuration changes. Review Cloud SQL Auth Proxy logs for anomalous connection attempts.
Piercing Index Rating
-
Discovered by
Imre Rad
