Google Kubernetes Flaw Let Any Google User Control the Cluster

Researchers have discovered a new loophole in Google Kubernetes Engine (GKE), which threat actors can utilize with a Google account to take over the misconfigured Kubernetes Cluster.  Threat actors can further use these compromised clusters for crypto mining, DoS (denial of service), and data theft. This loophole is dubbed “Sys:all” and affects more than 250,000 active GKE clusters, hundreds of them containing sensitive information.

Source: GBHackers

 


Date:

Categorie(s):