medium

GKE gVisor sandbox escape

Published Wed, Dec 30th, 2020

Platforms

gcp

Summary

A bug in the GKE gVisor sandbox's network policy implementation allowed access to the Google Compute Engine metadata API.

Affected Services

GKE

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://www.koyeb.com/blog/escaping-gke-gvisor-sandboxing-using-metadata

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Wed, Dec 30th, 2020

Exploitability Period

-

Known ITW Exploitation

-

Detection Methods

None

Piercing Index Rating

-

Discovered by

Bastien Chatelard, Koyeb

More vulnerabilities...

AWS SOC 2 type 2 failure (Fall 2020)

aws

Information about this issue is under NDA, but AWS customers can read about it on pages 120-121 of the report, which is available for download through AWS Artifact. Note: This issue is outside the ...

Anonymous discoverer
high

IAM privilege escalation in multiple GCP services

gcp

Composer, Dataflow, Dataproc, Dataprep and Data Fusion all used the Compute Engine default service account by default and relied on product-level IAM permissions without requiring the iam.serviceAc...

Allison Donovan, Dylan Ayrey
medium

GCP Default compute account is project Editor

gcp

When the compute API is enabled on a GCP Project, the default compute account is created. This account gets the primitive role Editor assigned by default, which allows for a wide variety of privile...

Louis Duruflé-Seta
View all