A vulnerability discovered in GCP's Cloud SQL service could be abused
to result in complete control of the database engine and access to the
host OS. An attacker could have listed and accessed files in the host OS,
including any secrets on the machine, as well as gaining access to service
agents. However, it is unclear from the report if this level of access could
have allowed lateral movement within the Cloud SQL service or grant cross-tenant
access to other customers' data. The root cause of this vulnerability is also
unclear, though it allowed a series of privilege escalations, initially granting
the default sqlserver user access to a GCP admin role, and then the sysadmin role,
effectively granting a potential threat actor full access to the SQL server.