Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters
January 24, 2024 at 09:45AM A critical loophole named Sys:All in Google Kubernetes Engine (GKE) has been discovered by cybersecurity researchers, allowing threat actors with a Google account to take control of GKE clusters. Around 250,000 active GKE clusters are susceptible. Google has taken steps to address the issue in GKE versions 1.28 and later. … Read more