Orca Flags Dangerous Google Kubernetes Engine Misconfiguration

January 24, 2024 at 11:18AM

A misconfiguration in Google Kubernetes Engine (GKE) has allowed a security loophole, enabling attackers to access sensitive information and take over clusters. Cloud security startup Orca Security reported that the issue is due to privileges granted to the system:authenticated group. Approximately 250,000 GKE clusters were found exposed, with over 1,300 potentially vulnerable. Google has taken steps to mitigate the risks in GKE version 1.28.

The main takeaways are as follows:

– Orca Security warned of a misconfiguration in Google Kubernetes Engine (GKE) that could lead to attackers taking over Kubernetes clusters and accessing sensitive information.
– The issue is related to the privileges granted to users in the system:authenticated group, which includes all users with a Google account, potentially creating a significant security loophole.
– Orca discovered that an attacker could access a token and become part of the system:authenticated group, potentially leading to access to discovery APIs and more serious consequences if authenticated users are authorized with extended roles.
– More than 250,000 GKE clusters were found exposed to the internet, with about 1,300 potentially vulnerable to this misconfiguration and more than 100 immediately compromised.
– GKE clusters impacted by this misconfiguration were found to expose sensitive credentials and access to critical resources.
– Google has taken steps to mitigate the risks in GKE version 1.28 by introducing preventative measures and advising users to review their configurations.
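
One way to carry out the configuration review mentioned above, as an added example that is not from Orca or Google: the script lists every role binding that grants the system:authenticated group something beyond a discovery-only baseline. The baseline role names are an assumption based on upstream Kubernetes defaults, and the sample input is constructed.

```python
import json

BROAD_GROUP = "system:authenticated"
# Assumption: ClusterRoles that upstream Kubernetes binds to this group by
# default (discovery and self-review only). Adjust to your own baseline.
BASELINE_ROLES = {"system:basic-user", "system:discovery", "system:public-info-viewer"}

def risky_bindings(binding_list):
    """Return bindings that grant BROAD_GROUP anything beyond the baseline."""
    findings = []
    for item in binding_list.get("items", []):
        subjects = item.get("subjects") or []  # field may be missing or null
        if not any(s.get("kind") == "Group" and s.get("name") == BROAD_GROUP
                   for s in subjects):
            continue
        ref = item.get("roleRef", {})
        # A namespaced Role can reuse a baseline name, so only ClusterRoles
        # with a baseline name are treated as expected.
        if ref.get("kind") == "ClusterRole" and ref.get("name") in BASELINE_ROLES:
            continue
        meta = item.get("metadata", {})
        findings.append((item.get("kind"), meta.get("namespace", "-"),
                         meta.get("name"), ref.get("name")))
    return findings

# Constructed sample, shaped like the output of
# `kubectl get clusterrolebindings,rolebindings -A -o json`.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "ClusterRoleBinding", "metadata": {"name": "system:discovery"},
  "roleRef": {"kind": "ClusterRole", "name": "system:discovery"},
  "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "all-users-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
 {"kind": "RoleBinding", "metadata": {"name": "shared-edit", "namespace": "dev"},
  "roleRef": {"kind": "ClusterRole", "name": "edit"},
  "subjects": [{"kind": "User", "name": "alice@example.com"},
               {"kind": "Group", "name": "system:authenticated"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "orphaned"},
  "roleRef": {"kind": "ClusterRole", "name": "view"}, "subjects": null}
]}
""")

if __name__ == "__main__":
    for kind, namespace, name, role in risky_bindings(SAMPLE):
        print(f"{kind} {namespace}/{name} grants {role} to {BROAD_GROUP}")
```

To check a real cluster, replace SAMPLE with the parsed JSON from the kubectl command named in the comment.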
