medium

GKE gVisor sandbox escape

Published Wed, Dec 30th, 2020
Platforms

Summary

A bug in the GKE gVisor sandbox's network policy implementation allowed access to the Google Compute Engine metadata API.

Affected Services

GKE

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Wed, Dec 30th, 2020
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Discovered by
Bastien Chatelard, Koyeb