Google Kubernetes Clusters Suffer Widespread Exposure to External Attackers
January 25, 2024 at 11:55AM A loophole in Google Kubernetes Engine (GKE) authentication allows external attackers with Google accounts to access private Kubernetes clusters, posing serious security risks. Orca Security discovered the issue, named Sys:All, which grants unauthorized access by mistakenly binding overly permissive roles to the “system:authenticated” group. Google has taken steps to mitigate … Read more