A recently disclosed security flaw in Google Cloud Platform’s Cloud SQL service has raised concerns about potential unauthorized access to confidential data. Israeli cloud security firm Dig revealed that the vulnerability could allow an attacker to escalate their privileges from a basic user to a full-fledged sysadmin, granting access to internal GCP data, sensitive files, passwords, and customer data.
Cloud SQL is a managed service used to build databases for cloud-based applications using MySQL, PostgreSQL, and SQL Server.
Dig identified a multi-stage attack chain that exploited a gap in the cloud platform’s security layer related to SQL Server, enabling the attacker to escalate privileges to an administrator role.
With elevated permissions, the attacker could exploit another critical misconfiguration to gain system administrator rights and assume full control over the database server.
This access would allow them to navigate the underlying operating system, access files, and extract passwords, potentially leading to further malicious activities.
Dig researchers Ofir Balassiano and Ofir Shaty emphasized the severity of gaining access to internal data, including secrets, URLs, and passwords, because such access puts both the cloud provider's and its customers' sensitive information at risk.
Following responsible disclosure in February 2023, Google addressed the issue in April 2023. This disclosure coincides with Google’s announcement of the Automatic Certificate Management Environment (ACME) API, which enables Google Cloud users to acquire and renew TLS certificates automatically and free of charge.