medium

GKE gVisor sandbox escape

Published Wed, Dec 30th, 2020

Platforms

Summary

A bug in the GKE gVisor sandbox's network policy implementation allowed access to the Google Compute Engine metadata API.

Affected Services

GKE

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://www.koyeb.com/blog/escaping-gke-gvisor-sandboxing-using-metadata

Contributed by https://github.com/0xdabbad00

Disclosure Date

Wed, Dec 30th, 2020

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Bastien Chatelard, Koyeb

More vulnerabilities...

AWS SOC 2 type 2 failure (Fall 2020)

Information about this issue is under NDA, but AWS customers can read about it on pages 120-121 of the report, which is available for download through AWS Artifact. Note: This issue is outside the ...

Anonymous discoverer

Sun, Dec 20th, 2020

high

IAM privilege escalation in multiple GCP services

Composer, Dataflow, Dataproc, Dataprep and Data Fusion all used the Compute Engine default service account by default and relied on product-level IAM permissions without requiring the iam.serviceAc...

Allison Donovan, Dylan Ayrey

Sun, Nov 22nd, 2020

medium

GCP Default compute account is project Editor

When the compute API is enabled on a GCP Project, the default compute account is created. This account gets the primitive role Editor assigned by default, which allows for a wide variety of privile...

Anonymous discoverer

Sun, Nov 22nd, 2020

View all