high

Cloud SQL privilege escalation

Published Wed, May 24th, 2023
Platforms

Summary

A vulnerability discovered in GCP's Cloud SQL service could be abused to gain complete control of the database engine and access to the host OS. An attacker could have listed and accessed files on the host OS, including any secrets on the machine, and gained access to service agents. However, it is unclear from the report whether this level of access could have allowed lateral movement within the Cloud SQL service or granted cross-tenant access to other customers' data. The root cause of this vulnerability is also unclear, though it allowed a series of privilege escalations, initially granting the default sqlserver user access to a GCP admin role, and then the sysadmin role, effectively granting a potential threat actor full access to the SQL server.

Affected Services

Cloud SQL

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Mon, Feb 13th, 2023
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Dig